11-09-2022 01:08 PM - edited 11-09-2022 01:39 PM
Patch Tuesday has become Zero Day Tuesday ... there are six actively exploited vulnerabilities this week alone. It's not always possible to wait for a patch, or a patch may not be sufficient (recall PrintNightmare, Follina, and MSDT). There was a practical risk with each of those examples and a "patch gap" as time passed between disclosure and the "official" fix from Microsoft. The gap only grows when testing and approval processes further delay taking action.
It's striking that most IT teams opted to wait instead of mitigating the risks, because mitigations are great options for security protection. They can provide faster protection and limit uncertainty. The lesson is: don't just sit there waiting for a patch; use commands to implement a mitigation after you weigh the potential impact(s). This is even more significant if your organization is using an unsupported OS that doesn't have any vendor patch forthcoming.
Let's revisit one of the six vulnerabilities that are being actively used by attackers right now, CVE-2022-41128. It's a low-complexity attack that only requires user action to exploit. Thankfully, there's already a patch available and applying it will eliminate this problem. Ask yourself: what would I do if there wasn't a patch? You could mitigate.
The JumpCloud commands infrastructure can do this in a bulk operation or even to a test group before you mitigate. The PowerShell module can apply a mitigation to your Windows fleet if you're a domainless enterprise or when AD is integrated with JumpCloud. This community is a great place for IT admins to discuss possible mitigations when there's a future "patch gap". How many of you are PowerShell gurus?
Raise your hand if you are, and let's plan on revisiting this topic.