Sandworm versus Poodle
Equal opportunities for sysadmins this week as a round of security advisories see just about everyone doing the manic patching dance (twerking optional).
Tuesday saw Microsoft patch a handful of nasty zero day vulnerabilities, Wednesday saw another hole in SSLv3 appear, yet more patches to prevent the beleaguered OpenSSL library from spilling your server’s secrets, and a set of new patches from Adobe and Oracle.
Quite a lot to take in, so where to start? Despite SSL bugs being flavour of the month, in reality POODLE poses less of a risk to most businesses when compared to the vulnerabilities the Microsoft patches address. There are two in particular that are being actively exploited and you should make a priority for testing and deployment. MS14-058 is to do with the way Windows handles fonts and is particularly nasty in that it allows privilege escalation (i.e. you can get local admin privileges on the box with this one). It’s been used in the wild by the Chinese (so we hear) in targeted attacks but doesn’t seem to be in use by a wider audience just yet. The one for which exploit code is definitely kicking around on a wider scale is MS14-060 aka the ‘Sandworm’ exploit (the Russian choice, so we hear). This one doesn’t have the privilege escalation component and Microsoft only rate it as Critical because it also involves user interaction (i.e. opening a file) but nonetheless the fact it’s more prevalent out in the wild should make it a priority for desktops in particular. More details on these from Microsoft over at: http://blogs.technet.com/b/
So once you’ve done that lot, move on to looking at POODLE. Adam Langley of Google was involved in the discovery and has the authoritative technical-yet-comprehensible write up over at https://www.imperialviolet.
One thing this particularly busy week surely brings into focus is the importance of a developed vulnerability management process.
It’s long been impossible to manually keep track of which versions of what application have security holes but the recent surge of activity around open source code in particular has made it more apparent than ever this isn’t a problem purely confined to the Windows world. There are great tools you can use to get a grip on this stuff quickly. It’s something we at ITC have lots of experience with so please don’t hesitate to get in touch if you need some help. Call us on 020 7517 3900 or email firstname.lastname@example.org to get in touch.