Undeployed Security Patches Are Common and Risky

Ongoing cyberattacks targeting Microsoft highlight the urgent need for unified endpoint and security management solutions. In mid-February, critical vulnerabilities were discovered in Microsoft Exchange, prompting the US Cybersecurity & Infrastructure Security Agency (CISA) to issue warnings about remote code execution threats known as CVE-2023-21529, CVE-2023-21706, and CVE-2023-21707. Exploiting these vulnerabilities allowed attackers to execute malicious code, compromise inboxes, and launch major attacks on organizations. Consequently, cybercriminals with Exchange accounts could potentially gain unauthorized access to email servers and cause significant harm.

In response, Microsoft swiftly released patches to address these vulnerabilities. IT and security personnel were expected to heed FBI warnings and numerous news reports, promptly install the patches, and secure their systems. However, despite the history of similar exploits leading to large-scale attacks on government agencies, businesses, and organizations, nearly 100,000 Microsoft Exchange servers remain unpatched even after several months.

Interestingly, the oldest versions of Exchange are not necessarily the most vulnerable to these threats. The 2013 version was found to have lower susceptibility to these exploits compared to the 2016 and 2019 versions.

Unfortunately, the failure to deploy important security patches is not a rare occurrence. Some CVEs have been left unaddressed for over a year, and one vulnerability, CVE-2013-6271, dates back more than a decade. This vulnerability, known as the GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability, raises concerns about organizations either disregarding warnings or being overwhelmed, which hinders prompt response.

Automating the Patching Process Can Help

The CVE list helps organizations effectively address cybersecurity concerns, but it can unintentionally assist cybercriminals. Hackers can easily exploit vulnerabilities by scanning enterprise systems for CVE issues. Failing to detect and patch these vulnerabilities exposes organizations to significant risks, potentially resulting in legal cases for negligence. Additionally, companies that don’t promptly address known bugs may struggle to obtain cyber-insurance coverage. To tackle these challenges, a simplified and automated patch management process is necessary.

Syxsense offers a solution by automating the patching process to ensure the following:

1. Deployment of all essential patches.

Deploying all essential patches refers to the process of identifying, acquiring, installing, and verifying patches for software systems. These patches address security vulnerabilities, fix bugs, and provide updates to improve system performance and stability. In this context, “essential” implies that these patches are vitally important to maintaining the integrity and security of the system. These patches protect against potential exploits and cyber threats, thereby making them a critical part of any organization’s cybersecurity strategy. Syxsense’s automated patching process ensures these essential patches are deployed in a timely and efficient manner, mitigating risks and enhancing system security.

2. Fast and automated patching procedures.

Fast and automated patching is integral to an organization’s cybersecurity strategy. By automating the process, organizations can swiftly respond to new vulnerabilities, reducing the window of opportunity for potential attackers. This approach reduces the risk of human error, enhances overall operational efficiency, and allows IT teams to focus on other key tasks. Furthermore, it ensures a seamless software performance with minimal disruption, thereby maintaining business continuity. In an era where cyber threats are continually evolving, fast and automated patching is an essential defensive measure to protect valuable data and maintain system integrity.

3. Patch superseding to address dependencies.

Patch supersedence refers to the practice of replacing old patches with newer ones that contain all the fixes of the previous updates, along with additional improvements or bug fixes. This process is crucial as it aids in managing the volume of patches that need to be maintained and deployed, thereby simplifying the overall patching process. Furthermore, superseding patches often address dependencies, ensuring that any linked patches are installed in the correct order to maintain system stability. In essence, patch supersedence is a critical aspect of patch management strategy as it optimizes system performance, reduces potential security vulnerabilities, and ensures the continuity of business operations.

4. The ability to roll back patches if necessary.

The ability to roll back patches is also crucial in a comprehensive patch management strategy. This functionality provides businesses with the flexibility to revert system changes if a deployed patch causes instability or negatively impacts performance. In some cases, patches may contain bugs or conflicts that weren’t apparent during initial testing phases. Being able to roll back mitigates the risk of prolonged system downtime and helps maintain business continuity. Furthermore, this feature allows organizations to maintain a stable environment while issues are being resolved, ensuring that operations continue with minimal disruption. This flexibility also provides an additional layer of security, as it enables businesses to respond rapidly to any unforeseen problems that may arise post-patching.