Adobe Zero Day and Third Party Software
This month, a new zero-day vulnerability in Adobe Flash Player was discovered via a cyberattack against the hackers-for-hire firm Hacking Team. A large amount of internal information that was leaked by the attackers contained data on the exploit, which could crash a computer and allow a remote attacker to then take control of the machine.
This is yet another bug discovered in Adobe software, adding to an already extensive list of vulnerabilities. Unlike the rest of the security community, hackers know about and exploit zero-day vulnerabilities, which means that often no protective controls are in place and detection is difficult. When these vulnerabilities are discovered, they need to be patched as soon as possible since they are already being exploited by hackers.
Here are some ideas on how to help secure your networks:
- Disable/Remove. This is by far the best control to establish if you can afford it. Disabling and removing this software will protect you from current and future vulnerabilities in the offending software. Of course, you need to make sure that users do not have the rights to reinstall these components. This article by Symantec explains how to disable Flash plugins for browsers.
- Apply Patches Quickly. Recently, Microsoft has been doing a decent job of automatically applying patches to its components, and third-party patching has become the next important part of your security updates policy. In cases where removal is not an option, make sure that these components are set to auto-update on the systems where they are installed. Both Adobe and Oracle have software to monitor for updates. Also, some IT management tools (e.g. Winxnet’s tool of choice, N-able) have very useful facilities to cover specific third-party software in a centralized manner. This allows for controlled enterprise-wide patching with literally a single click.
- Detect and Protect. Zero-day exploits do and will happen, so you need to be prepared, and timely detection becomes one of the most important controls you have. Detecting and responding to intrusions quickly will remove the thing that hackers need the most at the beginning – time. This detection should come from both the endpoint, with a properly tuned and centrally managed anti-virus, and your enterprise-wide intrusion detection system (e.g. FortiGuard IPS, Snort).
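
To check the first two controls on a Windows machine, the following added example (not from the original article or any vendor tool) lists Adobe Flash Player entries in the standard uninstall registry keys and flags versions below a minimum. `$MinimumVersion` is a placeholder assumption to be set from Adobe's current security bulletin.

```powershell
# Added example: local audit for installed Adobe Flash Player packages.
# MinimumVersion is a PLACEHOLDER; set it to the fixed release named in
# Adobe's current security bulletin before relying on the OUTDATED status.
param(
    [version]$MinimumVersion = '0.0.0.0'
)

# Uninstall entries for 64-bit and 32-bit software.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$findings = foreach ($root in $uninstallRoots) {
    Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Adobe Flash Player*' } |
        ForEach-Object {
            # DisplayVersion can be missing or malformed; do not assume it parses.
            $parsed = $null
            if (-not [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)) {
                $status = 'UNKNOWN_VERSION'
            } elseif ($parsed -lt $MinimumVersion) {
                $status = 'OUTDATED'
            } else {
                $status = 'PRESENT'
            }
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Product  = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = $status
            }
        }
}

if ($findings) {
    # Any hit means the "Disable/Remove" control is not met on this host.
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "No Adobe Flash Player uninstall entries found on $env:COMPUTERNAME."
```

Flash bundled with Chrome, or built into Internet Explorer on Windows 8 and later, does not appear as an uninstall entry, so those copies need to be checked separately.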
There are no silver bullets in cyber-security and there are no set-and-forget solutions. Attackers are constantly seeking new ways to compromise our defenses, so we need to be vigilant and proactive to protect our information and business.
Winxnet has a team of experts who are available to help your organization avoid breaches. Contact us today to speak with our Security professionals and help get your business started on the right track.