In recent weeks a critical vulnerability (CVE-2021-44228) has been discovered in Log4j2, a popular logging library for Java applications. Attackers can exploit this flaw by performing Remote Code Execution (RCE) on any systems where it is implemented.
It’s worth bearing in mind that, according to the consulting firm Forrester, 3 billion-plus devices worldwide currently run Java in some format. Given the huge scope, our experts consider this Log4j2 vulnerability particularly serious. Fortunately, the latest versions: 2.17.0 (for Java 8), 2.12.3 (Java 7) and 2.3.1 (Java 6) have already fixed it. In response, MSPs need to update the version of Log4j2 implemented in their clients' devices as soon as possible. If they are equipped with an intrusion prevention service that already contains their signatures, they will also be blocked from attacks that can take advantage of this.
Identify, Prioritize and Remediate
This is a prime example of just how dangerous vulnerabilities in popular programs and applications can be to systems. What's more, they are growing in frequency: in 2020 alone, a total of 18,103 vulnerabilities were reported, with an average of 50 common vulnerabilities and exposures (CVEs) per day. IT administrators and staff often do not have enough time or resources to take care of patch and update management. Therefore, MSPs need to understand the importance of preventing vulnerability exploitation, but to achieve this, they have to address three major challenges:
Vulnerability identification: Only a small number of attacks occur as a result of vulnerabilities that are unknown to all parties (zero day attacks). In most cases, cybercriminals exploit known flaws. For this reason, MSPs must ensure that their clients are aware of when they appear and affect their systems, as the time period between a vulnerability being discovered and when attacks are usually executed has been significantly reduced.
Prioritizing mitigation: While it may seem straightforward, most organizations struggle to identify which patch updates to install first. In fact, according to Ponemon, the average time it takes companies to deploy patches to applications or systems is 97 days. That's why MSPs need to know which patches to prioritize first in a reliable and automatic way.
Vulnerability remediation: In the final stage of remediation, the necessary patches are installed to repair an identified vulnerability or security breach. However, this is also a risky task. MSPs have to ensure that the right patches are deployed in organizations, as they may not be legitimate (they must come from an official source), and patches are not always valid for all types of devices. Moreover, MSPs must be sure that the update has no negative impacts or side effects as, in some cases, they involve changes in configuration, firewall policies, etc.
Faced with these challenges, MSPs should deploy advanced tools for their clients that simplify the patch management lifecycle for their installed software and operating systems. These solutions must have audit, monitoring and update prioritization functionalities, but must also include capabilities to mitigate attacks that exploit vulnerabilities through immediate patch deployment. This will reduce the attack surface and strengthen their ability to prevent vulnerability-related incidents.