When an organization gets breached by malicious actors, it often follows a familiar script. Often the intrusion is the result of someone running unpatched or out-of-date software. On the one hand, given the inertia of a lot of large organizations, it’s easy to see admins taking an “if it ain’t broke, don’t fix it” approach. But as quickly as that excuse comes to mind, the Cassandras can be heard wailing, “Patch all the things!”
For many reasons, organizations can take some time to roll out patches. Especially for mission-critical applications, adequate testing is often needed to ensure nothing breaks in production. So some window needs to be accounted for. If an exploit follows safe disclosure from security researchers, usually this isn’t much of an issue. A patch is released prior to the details of an exploit being published. So even though the severity of the exploit is newly discovered, organizations have had time to get patches out there.
That’s what made a recent patch from SaltStack so problematic. They released two critical patches to their Salt server management platform, but it appears it was already being actively exploited. Even as the patches were being released, attackers appeared to use automated scanning to find vulnerable systems and gain entry. This was within 24 hours of the patch being published.
It’s easy to blame complacent IT practices for not patching “all the things.” But these kinds of exploits show that even a militant stance isn’t impervious to malicious actors. Patching software in a timely manner is an essential part of maintaining security. But this instance shows it’s only one part of your security posture.