Vulnerabilities exploited at lightning speed
"The development of the digital threat in the Netherlands is worrying”" said Minister of Justice and Security Fred Grapperhaus last month about the annual Cyber Security image in the Netherlands (CSBN). One of the focal points of the document is that cybersecurity resilience must be increased. The Digital Trust Center, set up for corporate Netherlands that does not fall under the vital sector, has set up 5 basic principles to increase cybersecurity resilience for secure digital entrepreneurial Netherlands. One of the basic principles is the constant execution of updates.
This article discusses the challenges that running updates entails and why running updates is important.
Round of vulnerabilities July
By mid-July, several critical vulnerabilities have already been published that could have direct consequences for organizations. Abuse of these vulnerabilities often leads to takeover of systems and/or networks. It is striking that the possibility of exploiting a vulnerability is becoming available more and more quickly. The table below gives an overview of the number of days during which the possibility of exploiting the vulnerabilities has become available. This includes five known vulnerabilities in widely used systems or applications from the month of July. On average, it takes three days until a working Proof of Concept (PoC) of a vulnerability is published with active abuse as a result. The fastest PoC was even released within one day. Reason enough to update in time!
| Vulnerability | Published by vendor | (Public) PoC | Days to exploit/PoC |
|---|---|---|---|
| BIG IP F5 TMUI (CVE-2020-5902) | 1-7-2020 | 5-7-2020 | 4 |
| SharePoint/ .NET RCE (CVE-2020-1147) | 14-7-2020 | 20-7-2020 | 6 |
| Windows DNS (CVE-2020-1350) | 14-7-2020 | 16-7-2020 | 2 |
| Citrix ADC (CVE-2020-8193) | 7-7-2020 | 8-7-2020 | 1 |
| SAP Netweaver (CVE-2020-6287) | 16-7-2020 | 20-7-2020 | 3 |
Challenges in patching
To perform updates, it is important to know which products are being used and when a patch/update is available. A tool for this is a sound patch management policy. This describes the design and implementation of a policy regarding patching and updating. In addition, understanding the risks of vulnerabilities is important. It is also necessary to make clear who is responsible for the final product.
Questions in the context of patching:
- Is there an overview of all the systems and resources in use in the organization?
- What consequences, risks do the vulnerabilities have for the organization?
- Can the patches run before the date according to the standard patch calendar?
- Is the provider of the IT Services asked if all patches have been executed?
The S-Unit: Bridging The Security Gap
Questions about threats, vulnerabilities, POCs, Exploits or patch management? The S-Unit provides support in gaining insights and performs penetration tests. Feel free to contact us for a free conversation about these topics.
