Most vulnerabilities are based on remote code execution errors


Alliance “Five Eyes” publishes list of exploited vulnerabilities

Paul Baird, UK Chief Technical Security Officer at Qualys

This list of vulnerabilities shows that attacks on IT security can be prevented most effectively by quickly patching known vulnerabilities.


The vulnerabilities enable serious remote code execution and privilege escalation attacks, are easy to exploit and affect a wide range of applications and software.

It is interesting that most of the vulnerability types are remote code execution errors (RCEs). RCEs are dangerous because they can almost always be carried out by automated tools, so an attacker can hit a large number of systems and then only has to check which targets were successfully compromised. It also seems that most of the exploited products are usually located outside or very close to the perimeter of a corporate network (the DMZ), which suggests that they are easier to reach. Malicious actors do not have to break into a network to attack their targets with these exploits, because the affected systems are publicly accessible for a legitimate reason. This suggests that the 15 vulnerabilities are an easy target for attackers.

The intelligence alliance of the United States and the United Kingdom (UKUSA), together with Australia, Canada and New Zealand (the five-country alliance is known as the “Five Eyes”), has issued a list of vulnerabilities. It includes Log4Shell, ProxyShell, ProxyLogon and ZeroLogon, as well as vulnerabilities in Zoho ManageEngine ADSelfService Plus, Atlassian Confluence and VMware vSphere Client.

Microsoft products make up the majority of the list (9 out of 15). Is this because there are more Microsoft products, are they inherently more insecure or just harder to patch?

The fact that ZeroLogon and two other, unnamed CVEs were already exploited in 2020 and are still in the top 15 shows that companies do not have a handle on the most important foundations of cybersecurity, such as visibility, vulnerability management and patch management. These vulnerabilities are targeted because the software itself is widely used, difficult to update, or both. The “Baron Samedit” problem in sudo is a good example: sudo ships with Linux, and this vulnerability allowed root access without any difficulty and affected a large share of IT assets. Linux is installed on so many devices that updating all of them was a challenge.

For some companies, problems such as Log4Shell persisted because the patches would have affected other business-critical applications, so additional effort was needed to fix them. When choosing between a potential risk of a “denial of service” attack and an actual “denial of business” problem, the focus on the business quickly prevails, since companies cannot survive if their operations are disrupted.

Conclusion

Security teams face the challenge of knowing the risks associated with inadequate patch management. The problem is that theory meets practice. Too many companies still do not have accurate and up-to-date information about their assets and the software running on them. They therefore do not know how exposed they are to problems in software components such as Log4j. Without this complete picture, no company can determine whether its IT systems are fully secured. To solve this problem, companies need to invest more time in inventorying and managing their assets. As soon as the inventory is up to date, all available patches and updates for the applications can be applied as part of patch management. This is of fundamental importance for effective security at scale.
