
The IBM ISS Blog released a preview on vulnerability trends and started a discussion:
So were there fewer flaws in general, but are the flaws more serious?

For the first time, X-Force witnessed a reduction (-5.4 percent) in new vulnerability disclosures from the previous year. The drop could represent an anomaly, a statistical correction or a new trend in the amount of disclosures.
Although there was a decrease in overall vulnerabilities, high-priority vulnerabilities increased by 28 percent. Researchers could simply be focusing on the sometimes more difficult, high-priority finds.
And you wouldn’t necessarily hear about a successful zero-day attack, anyway, Aitel says. “How do we know these ‘known vulnerabilities’ were not first widely used as zero-day? We don’t.”
Robert Graham, CEO of Errata Security, notes that zero-days aren’t typically used for everyday attacks. “The average user does not have to worry about a '0-day,'” he says. “But if you’re a high-value target, [then you do]. The military gets hit a lot with zero-days.”
“There are people who discover 0-days and then those who take any exploit and make it widespread -- these are different skills,” Graham notes. Once a zero-day gets discovered and everyone starts using it, then it becomes well-known, he says. (Source: Darkreading.com)
With so many patches from so many different vendors coming out, malware writers don't need 0-day exploits: people either aren't applying the patches at all or aren't applying them quickly enough.
When I was testing Secunia's Personal Software Inspector, I discovered that installing new Java Runtimes (JREs) does not block off access to old ones. *gasp* A website can request a specific version and, if it is installed, it will load. So uninstall all those other versions before upgrading.
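As an added check (example code written for this post, not Secunia's or Sun's), the PowerShell script below lists every JRE registered in the Windows uninstall registry and flags the ones older than the newest, so leftover runtimes can be removed. It assumes JREs register with a DisplayName starting with "Java" or "J2SE Runtime"; it only reads the registry and changes nothing.

```powershell
# Added example: find Java Runtimes that an upgrade left behind.
# Assumption: JREs appear in Add/Remove Programs as "Java(TM) 6 Update 7",
# "J2SE Runtime Environment 5.0 Update 6" and similar. Read-only.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect every installed JRE, skipping JDK entries and records without a version.
$jres = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE Runtime)' -and
                   $_.DisplayName -notmatch 'Development Kit|JDK' -and
                   $_.DisplayVersion } |
    ForEach-Object {
        [pscustomobject]@{
            Name    = $_.DisplayName
            # Strip anything that is not a digit or dot so [version] can parse it.
            Version = [version]($_.DisplayVersion -replace '[^\d.]', '')
            Path    = $_.InstallLocation
        }
    }

if (-not $jres) {
    Write-Output 'No JRE found in the uninstall registry.'
    return
}

# The highest version is the one to keep; everything else is a stale target.
$newest = ($jres | Sort-Object Version -Descending | Select-Object -First 1).Version

foreach ($j in ($jres | Sort-Object Version)) {
    $status = if ($j.Version -lt $newest) { 'STALE - uninstall' } else { 'current' }
    '{0,-45} {1,-14} {2}' -f $j.Name, $j.Version, $status
}
```

Run it again after removing the flagged entries to confirm only the newest runtime remains.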
Keeping the OS up to date is less of a problem today thanks to Windows Update, but keeping third-party software and plugins up to date seems to be very hard for most people.
And even if you do patch, the latest Adobe PDF vulnerability seems to have been exploited three weeks before the patch. It's not the first vulnerability in Acrobat Reader. Replacing Acrobat Reader with an alternative like Foxit Reader seems like a good option.
Update: Other options besides Secunia PSI are UpdateStar (Windows), SUMo - Software Update Monitor (Windows), VersionTracker [Pro] (Mac and Windows), RadarSync (Windows), UDC - UpdateChecker (Windows), Belarc Advisor (Windows), and App Update Widget (Mac). (Thanks SANS ISC)
Security4all Blog