Patching systems for vulnerabilities is not the time-consuming process that some people would have you believe. Even it was a time-consuming process, not patching systems right away can cause you many problems. For example, the Equifax breach was caused in part due to an unpatched system. Isn’t is worth your time to patch your systems to prevent a large-scale breach?
This week, Microsoft released patches to address 120 software vulnerabilities, as well as 2 zero-day vulnerabilities. According to the Hacker News, here is just a short list of things that can get your computer hacked if you don’t apply the latest Microsoft patch:
- Play a video file — thanks to flaws in Microsoft Media Foundation and Windows Codecs
- Listen to audio — thanks to bugs affecting Windows Media Audio Codec
- Browser a website — thanks to 'all time buggy' Internet Explorer
- Edit an HTML page — thanks to an MSHTML Engine flaw
- Read a PDF — thanks to a loophole in Microsoft Edge PDF Reader
- Receive an email message — thanks to yet another bug in Microsoft Outlook
The Zero-day patches address some serious issues as well. CVE-2020-1380 - Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability in Internet Explorer 11. Bleeping Computer quotes Microsoft: “this vulnerability is being actively exploited in attacks, and as it can be used in malicious Office documents, it was most likely spotted in phishing campaigns.” The second Zero-day vulnerability, CVE-2020-1464 -Windows Spoofing Vulnerability, allows attackers to spoof other companies when digitally signing an executable.
The full list of vulnerabilities being addressed by this current patch can be found here. Even though it is a big list, the fix is relatively simple. All you need to do is click on the Start Menu → open Settings → click Security and Update and install any new updates available. If you think it’s just Microsoft products that need to have vulnerabilities patched, you’re wrong. Adobe, Android, Apple, Google, Intel and SAP also released important updates this month.
One of the easiest ways to try and stay ahead of cyber attacks is to implement a regular vulnerability remediation management schedule. If you are having challenges implementing or sticking to a regular remediation schedule, Uzado can help. Contact us today.