Missing OS Patches? You Leave the Door Wide Open to Hackers
Attacks are becoming more sophisticated and attackers smarter, so defenders must keep pace. The attacker eyeing your organization is looking for the misconfiguration that will let them in. So should you.
We are always on the lookout for these misconfigurations, because threat actors can exploit them to mount a cyber-attack such as ransomware.
The most common cause of misconfiguration is human error: the IT practitioner either lacks the right skills for the task at hand, or falsely believes that the task has been completed correctly.
At GYTPOL we frequently witness and report software-update management mistakes. In this post we cover some of the common ones, and how to find them.
Up to snuff on being up-to-date?
Keeping your OS and other applications up-to-date with the latest patches is important to ensure you have all the critical updates to keep your environment secure.
Patch Tuesday is the name given to the day Microsoft releases its Cumulative Updates (CU), typically the second Tuesday of each month (and sometimes also the fourth Tuesday).
Most organizations use Microsoft SCCM to manage software updates. There are many good guides and online videos that walk you through the steps in the tool. The general process is:
- Sync software updates
- Create Software update group
- Create Software update package
- Deploy
If you are familiar with the process you will know that many steps and configuration choices are required to perform what appears to be a simple task.
However, two types of misconfiguration create a security risk and can serve as an attacker's initial attack vector:
- Not choosing all the required patch update packages
When using SCCM, you need to select every relevant and required patch update when creating the software update package.
The long list of available updates, covering all Microsoft products, often causes confusion, and not all of the required updates get selected.
We often speak with customers who believe they have correctly selected the right updates and their endpoints are up to date. Yet, when the endpoints are analyzed by GYTPOL Validator, we will find this not to be the case.
- Workstations and Servers are not updating
Once SCCM has deployed the update package, the endpoints and servers are triggered to install it. Not every endpoint or server receives the trigger message, and not every one that does is able to complete the installation.
While there are retry mechanisms, some machines end up not updated, and this can continue month after month. The scenario has become much more common recently, especially with employees working from home without connecting to the organization's network over VPN, which is required to receive the update.
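The two failure modes above can be checked from the endpoint side. The following PowerShell script is an added example, not GYTPOL's code or part of the original post: it queries the Windows Update Agent COM API (`Microsoft.Update.Session`) on the local machine, lists updates the agent knows about but that are not installed (misconfiguration 1, an incomplete package), and finds the date of the last successfully installed Cumulative Update (misconfiguration 2, an endpoint that never received or never completed the deployment). The 45-day staleness threshold is an assumption, roughly one missed Patch Tuesday plus a grace period.

```powershell
# Added example (not GYTPOL's code): report the patch state of the local Windows endpoint.
# Assumption: a machine whose last Cumulative Update is older than 45 days has missed a
# Patch Tuesday cycle and should be flagged for follow-up.
param(
    [int]$MaxDaysSinceCumulativeUpdate = 45
)

$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()

# 1. Updates that are applicable but not installed. Search() contacts the update source
#    the endpoint is configured for (WSUS/SCCM software update point or Microsoft Update),
#    so it can fail on a remote machine that is off the VPN; that failure is itself a finding.
$missing = @()
$searchError = $null
try {
    $pending = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'").Updates
    foreach ($u in $pending) {
        $missing += [pscustomobject]@{
            Title    = $u.Title
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity = $u.MsrcSeverity
        }
    }
} catch {
    $searchError = $_.Exception.Message
}

# 2. Last successfully installed Cumulative Update from the local update history.
#    ResultCode 2 is OperationResultCode orcSucceeded.
$count   = $searcher.GetTotalHistoryCount()
$history = if ($count -gt 0) { $searcher.QueryHistory(0, $count) } else { @() }
$lastCU  = $history |
    Where-Object { $_.ResultCode -eq 2 -and $_.Title -like '*Cumulative Update*' } |
    Sort-Object Date -Descending |
    Select-Object -First 1

$lastCUDate = if ($lastCU) { $lastCU.Date } else { $null }
$daysSince  = if ($lastCUDate) { (New-TimeSpan -Start $lastCUDate -End (Get-Date)).Days } else { $null }
$stale      = ($null -eq $daysSince) -or ($daysSince -gt $MaxDaysSinceCumulativeUpdate)

# Summary object: one row per endpoint, suitable for collection into a central report.
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    SearchError          = $searchError
    PendingUpdates       = $missing.Count
    PendingCritical      = @($missing | Where-Object { $_.Severity -eq 'Critical' }).Count
    LastCumulativeUpdate = if ($lastCUDate) { $lastCUDate } else { 'never' }
    DaysSinceLastCU      = $daysSince
    Stale                = $stale
} | Format-List

# Detail: the individual updates the endpoint is still missing.
$missing | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the endpoint, or push it through your management tooling and collect the summary objects centrally. A non-empty `SearchError` on a machine that is otherwise healthy usually means the endpoint cannot reach its configured update source, which is exactly the off-VPN case described above, and a `Stale` value of `True` with zero pending updates is the signature of an endpoint that is reporting no work to do only because it never received the deployment.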
An elegant solution
To keep an organization secure, the IT and SecOps teams need to ensure all endpoints are patched and up to date. They need visibility into the patch status of every endpoint, including those that are remote and not connected via VPN.
GYTPOL is helping organizations overcome these two common misconfiguration scenarios.
Firstly, it monitors all workstations and servers in the organization and identifies and alerts IT admins and SecOps when the baseline is out of date or missing critical patches. Secondly, it reports which endpoints have not been updated, so that remediation actions can be taken.
GYTPOL reports endpoint status continuously, whether the endpoint is connected to the corporate network or working remotely from home.
About Author
Tal Kollender
With a background in hacking, Tal has filled senior cyber roles for the IDF and Dell EMC. In 2023, Tal was named "Cybersecurity Women Entrepreneur of the Year" by the Unite Cybersecurity Alliance.