Halkyn Security Blog
Specialist Security & Risk Management Consultants

Security Patches – Internet Explorer – Act Fast

For lots of enterprises, security patches are a pain to test, a pain to deploy and frequently frustrating when they require downtime for the inevitable system reboots.

However, security patches are also a very important mechanism for protecting your environment against attacks. They really are.

Security Patches - May 2015


This month, Microsoft have announced 13 security patches – three of which are rated as “critical” by both Microsoft and SANS despite there being no known exploits in the wild.

Unfortunately for lots of organisations, this means that they will downgrade the priority and, in some cases, will delay patching for weeks if not months.

This is a mistake.

On the day security patches are announced, it is rarely clear if exploits are out in the wild. The nature of vulnerability research means that lots of the specifics are kept quiet and often different researchers hit upon the same vulnerability at the same time.

The problem is that it isn't JUST the researchers who find vulnerabilities.

So, on the day the security patch is released, we know that there are “white hat” researchers who can exploit the vulnerability, but we don't know whether any (or how many) nasty “black hat” types have also found it. If Metasploit doesn't have a module for the exploit then we sort of guess it's not in the wild, but this is just a guess.

Security Patches - IT Plasters


From here things get worse. As soon as patches are released, the bad guys will be able to start reverse engineering the code and building exploits. Worryingly this can happen an awful lot faster than most IT managers would ever imagine.

It is realistic to assume that within about 24 hours of a security patch being released, high-end hackers will have a way of exploiting the vulnerability. Within 48 – 72 hours more will have it, and by the end of the first week exploits will be available to pretty much any malicious hacker who wants them. It might not yet be a Metasploit module, but that just means you are safe from the bottom-end script kiddies.

Delaying patches is a massive mistake. Check them, test them and get them into the environment as quickly as possible or make sure you fully understand the risks and have some compensating controls in place.
