Comprehensive software reviews to make better IT decisions
Microsoft Troubles Continue; Zero-Day Vulnerability Places Windows Users at Risk
Reported by Microsoft on January 17, the company admitted to another vulnerability in the older versions of its Windows products. A vulnerability in the remote code execution (RCE) was found in the scripting engine of Internet Explorer (IE). The vulnerability applies to all versions of IE on Windows, which can corrupt memory so that attackers can execute arbitrary code. Programs include Internet Explorer and Windows Server 2008 through to Windows 2018.
Source: Microsoft Windows 7 Download at Microsoft, updated January 2020
The vulnerability works so that an attacker could execute code in the context of the current user – meaning that a hacker could gain the same user rights as the current user on the system. “If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.” This would allow them to then install malicious programs, delete data, or create new accounts remotely. Microsoft further explained the attack method would most likely be “a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”
Microsoft is aware of limited targeted attacks that have already taken advantage of this vulnerability. However, a patch won’t be released until next month’s Patch Tuesday. Internet Explorer and older versions of Windows still have a high user rate among businesses. Windows 7 has the second largest market share of all desktop operating systems at 32.74%. This user rate is only beaten by its successor, Windows 10 at 47.65%. This means devices are using unsupported Windows 7 today. These devices are currently an extreme security risk.
One solution is to simply use another browser. For businesses that are unable to move away from the old Internet Explorer and Servers for operational reasons, there are some additional mitigation factors they could consider. Running the programs in a restricted mode will reduce the chance of malicious content from being able to make changes on the devices. ØPatch has created a temporary micro patch to address the problem to use as a stopgap until Patch Tuesday. Users of Windows 7 and older Windows products should be vigilant against any unsolicited emails that may be attempting to direct you to a malicious site.
Want to Know More?
Have you ever thought of what else you could do to take your security operations center (SOC) to the next level and focus on prevention? Look no further – external attack surface management (EASM) was a popular managed service and topic of discussion at Rivest–Shamir–Adleman (RSA) Conference 2023, named after a popular public-key cryptosystem.
By exploiting a five-year-old configuration error, a hacker was able to access Amazon’s S3 cloud storage buckets on which Twilio’s code was loaded. As a result, customers were able to unknowingly download the modified code for twenty-four hours.
Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti Partnership have already gone live as an integrated component of the VMDR solution.
Remote Work Landscape Pushes Microsoft to Releases Endpoint DLP and Double Key Encryption Features for Added Data Security
Microsoft recently previewed the specific features to tackle data security and risk management for end users with Microsoft Endpoint Data Loss Prevention (DLP) and Double Key Encryption. The reason for the launch? The increasing shift towards a remote work environment and a need to mitigate the accompanying risks.
IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.
RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.
To bolster and broaden its data privacy capabilities for end users, cyber and data protection vendor Acronis has acquired DLP player DeviceLock. The acquisition aligns with the increasingly prevalent role that data privacy plays in cybersecurity.
Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.
Navigating the vendor risk management space, particularly in the current environment that consists of a mix of cloud, managed services, and critical supply chain, is key to ensuring that you don’t inadvertently introduce new risks through this dynamic channel.