Why Security News Is Scrutinized to the Nth Degree

Why put such an emphasis on keeping up with security news? When a new vulnerability becomes public it takes time for attackers to build exploits and for vendors to build defenses, and that initial window, from the moment the vulnerability is introduced until a patch exists, is the most important time you have.

(Figure: vulnerability to attack timeline)

Once the vulnerability is introduced, some amount of time passes before an exploit is released in the wild, marked t(0) on the timeline, and at that point a zero-day attack is in full swing. A zero-day attack means the attacker's exploit is hitting machines before the vendor has a patch, so there is no fix to apply, only workarounds.

From the moment the exploit is released in the wild, the vendor of the vulnerable software has a clock ticking. Until a patch is developed we have no recourse other than not using the software (or whatever workaround the vendor or CERT publishes), for example:

Windows clients: "Forever-day vulnerability affects all Windows versions"

http://oversitesentry.com/forever-day-vulnerability-affects-all-windows-versions/

Or a specific instance involving SMB, the "Redirect to SMB" vulnerability:

(Figure: Cylance "Redirect to SMB" diagram)

Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL: https://www.kb.cert.org/vuls/id/672268 . April 13th was the Cylance write-up, but cert.org has a notification dated March 11th. The practical effect is that an attacker who can get a Windows client to follow an HTTP redirect to file://attacker-host/share makes it open an SMB connection to that host and send its NTLM credentials automatically.

This particular vulnerability has no fix yet… I wonder when Microsoft will find a fix? It takes time, since one has to make sure all functionality is still there while closing the flaw. In the meantime the CERT note's workaround is to block outbound SMB (TCP ports 139 and 445) at the network perimeter, so that the redirect has nowhere to go.
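
As an added illustration of the mechanism (this is not code from the original post, nor from Cylance or CERT), here is a small Python detection for the two footprints "Redirect to SMB" leaves in a network: an HTTP 3xx response whose Location header points at file://host/share or a UNC path, and an allowed outbound SMB connection (TCP 445 or 139) to a host outside your own address space, which is exactly what the CERT workaround of blocking outbound SMB at the perimeter is meant to stop. The proxy and firewall log formats, the hostnames, the addresses and the list of internal networks are all constructed assumptions for the example.

```python
"""Added example (not from the original post, Cylance or CERT): spotting the
two network footprints of "Redirect to SMB".  Log formats, hosts and addresses
below are constructed for illustration."""
import re
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed proxy log, one response per line:
#   timestamp client method requested-url status location-header("-" if none)
PROXY_LOG = r"""
2015-04-14T10:01:02Z 10.0.0.5 GET http://news.example/img.png 200 -
2015-04-14T10:01:03Z 10.0.0.5 GET http://ads.example/r?x=1 302 file://203.0.113.7/share/logo.png
2015-04-14T10:01:04Z 10.0.0.9 GET http://cdn.example/a.js 301 https://cdn.example/a.js
2015-04-14T10:01:05Z 10.0.0.9 GET http://blog.example/post 302 \\203.0.113.7\share\x.png
2015-04-14T10:01:06Z 10.0.0.9 GET http://intranet.example/doc 302 file:///C:/Users/Public/doc.txt
"""

# Constructed firewall log: timestamp src dst dst-port proto action
FW_LOG = """
2015-04-14T10:01:03Z 10.0.0.5 203.0.113.7 445 TCP ALLOW
2015-04-14T10:01:03Z 10.0.0.5 10.0.0.20 445 TCP ALLOW
2015-04-14T10:01:06Z 10.0.0.9 203.0.113.7 139 TCP ALLOW
2015-04-14T10:01:07Z 10.0.0.9 198.51.100.3 443 TCP ALLOW
"""

SMB_PORTS = {445, 139}
# Address space we treat as "ours" (assumed for the example).  SMB to anything
# outside it is what CERT's "block outbound SMB at the perimeter" workaround stops.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

UNC_RE = re.compile(r"^\\\\[^\\]+\\")  # \\host\share...


def is_smb_location(location: str) -> bool:
    """True if following this redirect target makes a Windows client open SMB
    (and so auto-send NTLM credentials).  Local file paths are not flagged."""
    if location == "-":
        return False
    if UNC_RE.match(location):                      # \\host\share\file
        return True
    parts = urlsplit(location)
    if parts.scheme.lower() != "file":
        return False
    if parts.netloc and parts.netloc.lower() != "localhost":
        return True                                 # file://host/share/file
    return parts.path.startswith("//")              # file:////host/share, the other spelling Windows accepts


def find_smb_redirects(log_text: str) -> list:
    """Return (client, requested_url, location) for every 3xx redirect into SMB."""
    hits = []
    for line in log_text.strip().splitlines():
        _ts, client, _method, url, status, location = line.split(maxsplit=5)
        if status.startswith("3") and is_smb_location(location):
            hits.append((client, url, location))
    return hits


def is_internal(addr: str) -> bool:
    """True if addr falls inside one of our configured internal networks."""
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def find_external_smb(log_text: str) -> list:
    """Return (src, dst, port) for allowed SMB connections leaving our address space."""
    hits = []
    for line in log_text.strip().splitlines():
        _ts, src, dst, dport, _proto, action = line.split()
        if int(dport) in SMB_PORTS and action == "ALLOW" and not is_internal(dst):
            hits.append((src, dst, int(dport)))
    return hits


if __name__ == "__main__":
    for client, url, loc in find_smb_redirects(PROXY_LOG):
        print(f"redirect-to-SMB: {client} fetched {url} and was sent to {loc}")
    for src, dst, port in find_external_smb(FW_LOG):
        print(f"outbound SMB: {src} -> {dst}:{port} (should be blocked at the perimeter)")
```

Against real proxy or firewall exports you would adapt the field splitting; the part worth keeping is the decision in is_smb_location, which leaves file:///C:/... (no host) alone and flags file://host/..., file:////host/... and \\host\... as network targets, plus the perimeter check that any allowed SMB session to a host outside your own networks is a finding on its own, whether or not you ever saw the redirect that caused it.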

So that is one with no fix.

Now one that did get a fix, with a documented timeline:

https://technet.microsoft.com/library/security/ms15-044

MS15-044, "Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)", was published May 12 and updated June 23.

Security people also know it as CVE-2015-1671.

The CVE record shows a date of 02/07/2015, which is when the identifier was reserved.

With the caveat that the reserved date is not necessarily when the flaw was found.

So the identifier was reserved on February 7, a patch was released on May 12th, and another fix or update followed on June 23rd, revised due to bugs with the patches.

That was 3 months of unfettered access to your machine, as long as an exploit can make you click on something (for MS15-044, opening a document or web page carrying a crafted font). 4 months if you count the problems with the patches.

There are even more dangerous bugs, "worms", which propagate on their own: an infected machine scans for and attacks other machines, each of which recreates the worm and infects more, and so on, with no click required at all.

Public disclosure of a vulnerability matters a great deal, which is why the big vendors (Microsoft, Cisco, Adobe, and Oracle among others) try to control it as tightly as they can.

Forever-day vulnerabilities (with no fix foreseen) can cause problems nobody planned for. Once something hits the news it is of course already too late, but that is exactly why one must have as many news sources and contacts as possible, to understand the problems that are in the wild right now.

This is why I created this website, "Oversite Sentry": to help others understand this concept and to discuss and propagate fixes to these problems.

Contact me to discuss this issue or other security problems you may have.

http://oversitesentry.com/tonyz/pubhtml/fixvirus/aboutus/
