If cybersecurity threats weren’t already enough of a headache, resistant cybersecurity threats are more significant problems. Whenever a weakness in a digital system is discovered, patches are released to secure it. But just like in modern medicine, sometimes a cure for a virus doesn’t work as intended or can lead to other problems. Microsoft experienced that when they released two security patches for some known holes in their operating system.
Let’s start with the Windows Mobile Device Management Information Disclosure Vulnerability (CVE-2021-24084). First disclosed in October 2020 by security researcher Abdelhamid Naceri, this vulnerability would enable an attacker to read files from a system if exploited correctly.
Microsoft tried to patch the problem in February of 2021. Naceri later proved that not only did the patch not work, but it exposed the system more, allowing hackers to gain administrator privileges and run malicious code. Microsoft finally released another comprehensive security patch for CVE-2021-24084 in December of 2021, a whopping 14 months later. Only time will tell if it did the trick.
On the other hand, we have the Windows Installer Elevation of Privilege Vulnerability (CVE-2021-41379), which empowers attackers to gain administrator rights if exploited correctly. Again, Microsoft thought it successfully patched CVE-2021-41379 in November of 2021, but the patch didn’t fix it. Naceri proved hackers are still able to exploit the weak spot. Even until the end of December 2021, Microsoft hasn’t released an updated patch, leaving it a zero-day vulnerability.
It’s important to note that considering how profitable cyber criminality is becoming, systems and networks of devices have only become juicier targets for extortion and other malicious activity. Hackers need to develop and manipulate zero-day threats since undiscovered defenseless security gaps will give them more time to inflict damage and accomplish their objectives.
The examples above exacerbate problems since they give a false sense of security. There are so many factors at play and an endless number of things that hackers can exploit to work in their favor. It’s why constantly maintaining defenses, keeping up to date with new threats, and playing catch up to develop patches for different attacks is so tricky. It requires the collective input of cybersecurity professionals and organizations across the field.
The ugly truth is that without an IT professional well versed in cybersecurity, businesses will be easy targets for cyberattacks. They’ll receive critical information too late and can’t act quickly enough to protect themselves against new dangers. The problem is that some companies can’t afford to hire full-time employees to handle their digital safety. Kumo Cloud Solutions provides Cybersecurity Solutions to businesses for precisely this reason. We help businesses fortify their digital environments and prepare for worst-case scenarios through customized defense plans for considerably much cheaper.
Visit www.joinkumo.com for more information on how to secure your digital environment.