{"id":2818,"date":"2014-11-06T20:29:39","date_gmt":"2014-11-06T20:29:39","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=2818"},"modified":"2020-02-27T03:50:42","modified_gmt":"2020-02-26T16:50:42","slug":"stacks-of-patches-attackers-walk-around-the-updates-to-keep-exploiting","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/stacks-of-patches-attackers-walk-around-the-updates-to-keep-exploiting\/2818\/","title":{"rendered":"Stacks of patches: attackers walk around the updates to keep exploiting"},"content":{"rendered":"<p>So far, 2014 has been a spectacular year in terms of\u00a0IT security. Everyone has heard about those terrifying vulnerabilities called <a href=\"https:\/\/business.kaspersky.com\/cardiac-exsanguination-a-heartbleed-damage-round-up\/2006\" target=\"_blank\" rel=\"noopener nofollow\">Heartbleed<\/a> and <a href=\"https:\/\/business.kaspersky.com\/when-the-bug-bashes-you\/2649\" target=\"_blank\" rel=\"noopener nofollow\">Shellshock<\/a>. They have mostly outshone the other creepy vulnerabilities, although none of those incited a comparable scare. A number of long-running APT campaigns have also been discovered, both by Kaspersky Lab and by our colleagues, although at least one of the \u201cnew\u201d APTs,\u00a0<a href=\"https:\/\/business.kaspersky.com\/pikes-in-the-lake-new-bugs-to-keep-us-awake\/2721\" target=\"_blank\" rel=\"noopener nofollow\">Sandworm<\/a>,\u00a0wasn\u2019t exactly new.<\/p>\n<p>Still, Sandworm had some interesting consequences. 
The 0day vulnerability in Windows (present in all versions later than XP) <a href=\"https:\/\/technet.microsoft.com\/library\/security\/ms14-060\" target=\"_blank\" rel=\"noopener nofollow\">was promptly patched<\/a> by Microsoft, but the company soon had to issue yet another advisory regarding the same flaw: the attacker found a way to circumvent the previously released update. Microsoft released a temporary <a href=\"Fix%2520It%2520patch\" target=\"_blank\" rel=\"noopener\">Fix It patch<\/a> to mitigate the problem. For technical details, refer to <a href=\"https:\/\/threatpost.com\/attackers-exploiting-windows-ole-zero-day-vulnerability\/108958\" target=\"_blank\" rel=\"noopener nofollow\">Threatpost\u2019s publication regarding the OLE vulnerabilities<\/a> exploited by the Sandworm APT group. We also recommend the long-announced, <a href=\"https:\/\/securelist.com\/blog\/research\/67353\/be2-custom-plugins-router-abuse-and-target-profiles\/\" target=\"_blank\" rel=\"noopener\">brand new research by Kaspersky Lab\u2019s experts covering BlackEnergy<\/a>, a crimeware tool that the Sandworm APT is using (also see <a href=\"https:\/\/threatpost.com\/blackenergy-malware-plug-ins-leave-trail-of-destruction\/109126\" target=\"_blank\" rel=\"noopener nofollow\">Threatpost\u2019s publication<\/a> on the matter).<\/p>\n<p>Quite recently we have seen something similar to\u00a0Shellshock, when a seemingly single vulnerability eventually <a href=\"https:\/\/business.kaspersky.com\/bashbugshellshock-the-day-after\/2656\" target=\"_blank\" rel=\"noopener nofollow\">spawned four and the released patch required some extra patching<\/a>. 
This also occurred\u00a0in August, when a new update from Microsoft caused a BSOD error and developers had to <a href=\"http:\/\/www.techtimes.com\/articles\/13391\/20140820\/bsod-gives-microsoft-blues-faulty-patch-tuesday-update-yanked.htm\" target=\"_blank\" rel=\"noopener nofollow\">pull it<\/a> and release a new one. The patches were breaking the packages they were intended\u00a0to update and fix. This is not a Microsoft-specific problem; it is a faulty patch problem. With Shellshock and Sandworm we see how patches turned out to be incomplete and\/or prone to circumvention, and the attackers continued to exploit this.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Patching is done, but it\u2019s not yet time to say \u201cphew\u201d #security<\/p><\/blockquote>\n<p>As a matter of fact, software packages have become so huge and complex that any vulnerability may be just the tip of the\u00a0iceberg. Most of the time this is not the case; however, system administrators have to keep in mind that installing a patch for any important and often targeted software package isn\u2019t a reason to relax. 
Extra efforts may be required right away.<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2014\/11\/06020159\/wide-3-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2825\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2014\/11\/06020159\/wide-3-1.png\" alt=\"wide-3\" width=\"1000\" height=\"644\"><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today&#8217;s software packages have become so huge and complex that stacks of patches issued one after the other are increasingly common. This has consequences for system administrators.<\/p>\n","protected":false},"author":209,"featured_media":15876,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2994],"tags":[588,298,398,838,2503],"class_list":{"0":"post-2818","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-heartbleed","10":"tag-it-security","11":"tag-patches","12":"tag-shellshock","13":"tag-system-administrators"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/stacks-of-patches-attackers-walk-around-the-updates-to-keep-exploiting\/2818\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/stacks-of-patches-attackers-walk-around-the-updates-to-keep-exploiting\/2818\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/stacks-of-patches-attackers-walk-around-the-updates-to-keep-exploiting\/2818\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/heartbleed\/","name":"Heartbleed"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/2818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v
2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=2818"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/2818\/revisions"}],"predecessor-version":[{"id":26558,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/2818\/revisions\/26558"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/15876"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=2818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=2818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=2818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}