Security vulnerabilities are on the rise, and not long ago we had to deal with a number of them. Remember WannaCry? In this post, we discuss some important cases in point and explain why security patches and updates matter.
The WannaCry scare
The biggest ransomware attack in history was caused by WannaCry. It took down more than 300,000 computers across 150 countries. The attack was launched using the EternalBlue exploit, which targets a vulnerability in the SMB v1 (Server Message Block) protocol of Windows.
NotPetya attack
WannaCry was soon followed by another massive ransomware attack called NotPetya. It used the exact same vulnerability to spread itself, with the addition of a Mimikatz routine.
Who were the victims?
The security patches for all these vulnerabilities were available before attackers exploited them. For obvious reasons, the victims were users who had not applied the security patches.
So, how important are security patches and updates, and what do we mean by a vulnerability and an exploit?
- A security vulnerability (also known as a security hole) is a security flaw detected in a product that may leave it open to hackers and malware.
- An exploit is code purposely created by attackers to target a vulnerability. This code is typically incorporated into malware. Once the exploit code is successfully executed, the malware is dropped on the vulnerable system.
In addition, there are zero-day exploits. These are used to target an unpatched software vulnerability on the same day the vulnerability is discovered (this type of vulnerability is called a zero-day vulnerability). In short, in this attack, there are ‘zero days’ between the discovery of the vulnerability and the first attack.
How Google’s Project Zero works with vulnerabilities
Google’s Project Zero team, which works on vulnerabilities, usually gives software vendors 90 days to release patches for discovered vulnerabilities. If a vulnerability is critical, the time given is 7 days. If a software vendor fails to release a security patch even after 90 days, Project Zero automatically makes the information about the vulnerability public. They also provide sample attack code publicly, so that users can take the necessary steps to avoid any potential attacks.
So, what are security updates, and what types are there?
Almost every piece of software that we use needs to be updated. Some updates deliver security patches, some fix bugs, and some add new features that were not available in the previous version of the software.
Updates are usually classified into either Hot Fixes or Service Packs.
- Hot fixes are patches that address a single specific issue with the Operating System or related files.
- A Service Pack is a set of hot fixes and other system enhancements. It is a collection of all fixes that bring an Operating System up to the latest, more secure version.
Security updates are classified into three types depending on their severity. They are as follows.
- Important updates: Tackle critical security issues. These are usually critical patches for a vulnerability whose exploit has been made available.
- Recommended updates: Often address functionality issues.
- Optional updates: Provide items such as driver updates, language packs or updates that enhance or add new functionalities to a system.
Why should you patch your computer?
As explained earlier, systems updated with the latest security patches stay less vulnerable to attackers.
The following simple steps can help keep your information and system protected:
- Keep the OS and other software up to date. Always keep Automatic Updates ON.
- Don’t click on links or download attachments in unknown, unexpected or unwanted emails or messages.
- Avoid clicking on pop-up ads.
- Keep your antivirus up to date.
- Use an antivirus that offers multiple layers of security against attacks that target security vulnerabilities and threats such as ransomware, spyware, phishing attacks, and so on.
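As an added example (not from the original post and not Seqrite code), the PowerShell function below reports how long ago a Windows host last installed an update and whether the SMB v1 server protocol that WannaCry spread through is still enabled. The function name `Get-PatchPosture` and the 35-day threshold are assumptions chosen for illustration; run it from an elevated prompt.

```powershell
# Added example: patch-posture check for a single Windows host.
# Assumption: an update older than 35 days counts as overdue (constructed threshold).
function Get-PatchPosture {
    param([int]$MaxDaysSinceUpdate = 35)

    # Most recent installed update that reports an install date.
    # Note: Get-HotFix does not list every update type, so treat this as a lower bound.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    $lastId = 'none found'
    $days   = $null
    if ($latest) {
        $lastId = $latest.HotFixID
        $days   = [int]((Get-Date) - $latest.InstalledOn).TotalDays
    }

    # SMB v1 server status. The cmdlet is missing on older Windows releases,
    # in which case the value stays $null (unknown) rather than $false.
    $smb1 = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    # No install date at all is reported as overdue, not as healthy.
    $overdue = ($null -eq $days) -or ($days -gt $MaxDaysSinceUpdate)

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        LastUpdate        = $lastId
        DaysSinceUpdate   = $days
        UpdateOverdue     = $overdue
        Smb1ServerEnabled = $smb1
    }
}

Get-PatchPosture | Format-List
```

A host that shows `UpdateOverdue : True` or `Smb1ServerEnabled : True` is one to look at first when prioritising patching.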
Seqrite Endpoint Security’s (EPS) Patch Management feature
The Patch Management feature in the Seqrite Endpoint Security suite can inform admins about software that is vulnerable or not up to date.
You may visit the link given below to manually download security updates and patches from Microsoft:
https://portal.msrc.microsoft.com/en-us/security-guidance
Subject Matter Expert
Mangesh Bhasme | Quick Heal Security Labs