Software vulnerabilities are being discovered more and more frequently each year. These vulnerabilities can range from nearly insignificant to major threats, posing massive risks to an organization. It can take a lot of work to keep track of all of the newly discovered vulnerabilities. Despite this, it is vital for security teams to stay on top of any newly discovered bugs to ensure that they are maintaining proper security in their environment.
Constantly Growing Threat Landscape
The world is becoming progressively more digital. This provides massive convenience for organizations looking to increase their efficiency and reach, but can also add a layer of complexity. In 2022 alone, there were over 25,000 newly discovered CVEs, a record high in a number that keeps growing. This includes some extremely severe and commonly exploited vulnerabilities, such as the Atlassian Confluence RCE and the Microsoft Windows Support Diagnostic Tool (MSDT) RCE.
Threat actors routinely monitor and research common applications, waiting for vulnerabilities such as these to arise. It can take a matter of minutes for attackers to compile massive lists of targets based on a vulnerable component in the network. Tools such as Shodan.io make this process very fast and easy. There can often be a gap between the discovery of a vulnerability and the release of an official patch, making defending against attack difficult.
In addition to threat actors, there are luckily benevolent security researchers constantly looking for new vulnerabilities in the hope of finding them before the bad guys. Once a security researcher is able to identify a dangerous bug, the process of patching it can begin. Even if it takes the vendor of the product some time to release an official remediation, this can warn companies of the threat and possibly provide some short-term mitigations.
At the time of this writing, a patch was released this week for SolarWinds Access Rights Manager, addressing three new critical vulnerabilities along with five lower severity vulnerabilities. This shows how often major bugs are identified in commonly used applications. These vulnerabilities included multiple methods of achieving RCE on the affected applications. Aside from RCE, there were also privilege escalation vulnerabilities identified in the affected version.
Defending Against Cutting Edge Attacks
It can be difficult to properly defend against such urgent problems. With such high levels of complexity in many organizations, it is easy for certain bugs to slip through the cracks and for vulnerable components to be left unpatched. Many software components are regularly targeted, which often makes patch cycles reactive and unpredictable. In the case of SolarWinds, this is not the first RCE vulnerability discovered, or even the first recent one.
Just as threat actors are always on the lookout for new vulnerabilities, defensive teams must be doing the same. If patches can be applied as the problems are discovered, it can minimize the time that vulnerable components lie on the network. In the event that an official patch has not yet been released, it can at least allow for some time to make temporary changes or temporarily disable the dangerous software. Responding quickly to notices of vulnerabilities is a critical step for defenders to take.
It can be difficult to keep track of every part of the network that has been configured. This problem compounds as organizations grow. Despite the difficulty, it is a vital step to take. Knowing exactly what is running and where can streamline the remediation process in the event of a newly discovered threat. Security teams need to always be ready to react to these events.
Aside from just reactive defense, it is important to regularly keep all network components up to date. Regularly reviewing the entire network and working to update everything to the latest version helps to preemptively block attacks. There can often be problems where certain components rely on a specific version of another piece of software. If a vulnerability is discovered in the dependency, it should be fully understood so that it can be mitigated as well as possible.
Vulnerable components should never be exposed to the internet. Even fully patched software with no known vulnerabilities is often better locked behind a private network. Administrative panels are a common target for attack due to the value of the information that lies behind them. All too often, these are exposed to the internet and open up a path for malicious hackers to gain access. This becomes even more dangerous if the panel has a software vulnerability.
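As an added example (not part of the original article), the Python below shows how a maintained inventory speeds up triage when an advisory lands: it matches assets against an advisory's fixed version and lists internet-exposed hosts first. The product names, hosts, versions, and the Asset, parse_version and triage names are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    internet_exposed: bool

# Constructed sample inventory; every name and version here is made up.
INVENTORY = [
    Asset("app-01.corp.example", "ExampleARM", "2023.2.0", False),
    Asset("dmz-07.corp.example", "ExampleARM", "2023.1.4", True),
    Asset("app-02.corp.example", "ExampleARM", "2023.2.1", False),
    Asset("lab-03.corp.example", "ExampleARM", "unknown", False),
    Asset("wiki-01.corp.example", "ExampleWiki", "8.5.3", True),
]

def parse_version(text):
    """Parse '2023.2.0' into (2023, 2); trailing zeros are dropped so 2.0 == 2."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def triage(inventory, product, fixed_version):
    """Return (affected, unknown) assets for an advisory fixed in fixed_version."""
    fixed = parse_version(fixed_version)
    affected, unknown = [], []
    for asset in inventory:
        if asset.product.lower() != product.lower():
            continue
        try:
            current = parse_version(asset.version)
        except ValueError:
            unknown.append(asset)  # version not recorded cleanly: check by hand
            continue
        if current < fixed:
            affected.append(asset)
    # Internet-exposed hosts sort first, then alphabetically by host name.
    affected.sort(key=lambda a: (not a.internet_exposed, a.host))
    return affected, unknown

if __name__ == "__main__":
    affected, unknown = triage(INVENTORY, "ExampleARM", "2023.2.1")
    for a in affected:
        print("PATCH ", a.host, a.version, "exposed" if a.internet_exposed else "internal")
    for a in unknown:
        print("VERIFY", a.host, a.version)
```

Hosts whose version cannot be parsed are returned separately rather than silently treated as safe, since gaps in the inventory are exactly where unpatched components hide.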
Meet Your Security Goals With Blue Goat Cyber
Comprehensive security can be complex. That’s why our team specializes in identifying any vulnerabilities in your network, through third-party software or otherwise. We are also able to help secure any home-brewed applications to help prevent attacks before your product is released. Contact us to help find a solution right for you.