It was recently reported that a Microsoft Windows and Office vulnerability was already being targeted by criminals. If you search on Google for keywords such as Windows and zero day exploit, it’s interesting to compare the number of web pages that mention each platform:
- Windows – Approximately 7 Million web pages
- Mac – Approximately 500K web pages
- Linux – Approximately 500K web pages
IBM’s X-Force team publish all new threats via their X-Force Alerts and you’ll see the usual suspects. As outlined in this CRN Article, IBM’s X-Force Team advised that attackers “use a path of least resistance to gain a maximum return on exploits”.
It’s one thing to be notified of these threats, but how do you confidently and easily address them within your organisation? This is a particular challenge with thousands of PCs and Macs and a mobile workforce, some of whom may be travelling for days and not regularly connecting to a corporate network.
The good news is, there are tools that can help. Within hours of a vulnerability being identified, IBM’s BigFix team will package and re-test a published hotfix (or suggested alternative). For example, for the Windows and Office vulnerability outlined above, this is in the form of a temporary hotfix. This is then published by IBM in the form of a Fixlet, making this critical fix immediately available for all IBM Endpoint Manager servers and their clients. Each IEM agent then reports its vulnerability status back to the customer’s BigFix console, so you have a real-time view of the number of endpoints affected.
The BigFix administrator can “Action this Fixlet” (i.e. go ahead and fix those PCs and Servers thanks!), which will dynamically download the hotfix and apply it to tens or hundreds of thousands of endpoints. The administrator can once again view the remediation status in real time. So at any time, the BigFix administrator can report this information to their organisation or security auditors.
In addition to the range of operating system vulnerabilities/patches addressed by BigFix, the applications managed by the IBM Content Delivery Team include the following (thanks to Peter Tuton for putting together this list):
Adobe
- Acrobat
- Flash Player (including browser plug-ins)
- Reader
- Shockwave Player
Apple
- iPhoto
- iTunes
- Keynote
- QuickTime
- Remote Desktop
- Safari
- Xcode
Microsoft
- Internet Explorer
- Lync
- Office
- Project
- SQL Server
- Visio
Google
- Chrome
Others
- Mozilla Firefox
- Nullsoft WinAmp
- Oracle Java Runtime Environment
- RealPlayer
- Skype
- WinZip
How is your organisation addressing the Zero Day threat?
Darryl