For nearly two decades, ‘Patch Tuesday’ has been a monthly fixture in the global cybersecurity calendar. On the second Tuesday of every month, Microsoft and other software vendors release a range of software fixes – some of which deal with critical vulnerabilities. As such, it’s a regular opportunity for IT and security professionals the world over to address emerging risks.
The issues covered on Patch Tuesday can be extremely diverse, spanning applications and services right across the Microsoft portfolio, from Word and SharePoint to Windows, Edge and Azure. This week, for example, Microsoft released 44 security fixes, seven of which were considered ‘critical’. In addition, three of the fixes were identified as zero day, and so were unknown to the organizations that could be vulnerable.
Important as Patch Tuesday has become, it has also given rise to new risks and vulnerabilities that regularly emerge as quickly as 24 hours later. Known as ‘Exploit Wednesday’, the day after has become the ideal time for cybercriminals to develop further exploits for systems that haven’t been updated.
The story doesn’t end there, however. Part of the challenge with fixes and updates is that they can cause critical performance issues for some of the users who have downloaded them. As these issues are identified, IT teams use ‘Uninstall Thursday’ as the time to remove the components in question to get their systems running normally again. In general, Microsoft will quickly release additional ‘hot fixes’ for these problems so users can close any security blindspots without impacting their software infrastructure.
Zero Tolerance For Zero Day
While this is an important process for fixing vulnerabilities, it also underlines the risks that Zero Day exploits present – not just when they are fixed on Patch Tuesday, but at any time. These vulnerabilities are particularly dangerous because they are unknown to the organizations and individuals being targeted.
Making the problem even worse is that it takes an average of 18 days for this malicious content to become known by anti-virus solutions. Meanwhile, sandboxing exposes organizations to risk from advanced malware and disrupts business productivity.
‘Cybersecurity blindspots can remain undetected for up to 18 days before antivirus and sandboxing systems are updated’
As a result, many organizations become ideal targets for zero day attacks, when even a few hours or days can prove catastrophic, leaving them scrambling to fix blindspots after the fact.
With nearly 70% of malware found embedded within files of an unknown variant when it is received – effectively making it invisible to reactive cybersecurity technologies – security teams need to be given advanced tools so they can take a proactive posture to the risks posed by zero day vulnerabilities.
Glasswall takes a proactive approach to file-based threats. Our CDR technology instantly cleans and rebuilds each file to match its known good industry spec – automatically removing potential threats. This simple approach ensures every document entering your organization is safe, without sacrificing productivity.