During the week starting October 12th, the IT industry has been scrambling to address or answer questions regarding several patches that address vulnerabilities including CVE-2020-16898. The vulnerability allows a hacker to send communication packets to a remote Windows 10 or Windows Server 2019 operating system and potentially gain control over the device. This patch is critical and necessary to defend against attacks that can happen from anywhere in the world. Another vulnerability was also announced, this one by SonicWALL: CVE-2020-5135, which allows for an attack on the perimeter defense and allow for code execution from a malicious attacker.
In 2020 there has been a rise in both volume and variance of cyber-attacks world-wide. Organizations have now begun to take recommendations from cyber security experts more seriously, determining that it is less expensive to have security defenses than it is to experience a breach. Most organizations are starting to see that without taking proper steps, it is only a matter of time before they are breached.
How do these vulnerabilities effect business?
Ideally, announced patches and vulnerabilities should be deployed quickly and efficiently to an entire organization with applicable machines that require those fixes. It is important for your IT Provider to be able to continue with regular IT services as well as execute and pivot to combat issues that are presented by experts in the cyber security field. It is even more important for your leadership team to maintain a proactive approach to allowing your IT Provider to better defend the organization through this proactive approach.
At Integris, the day the vulnerabilities were announced to the world we had dedicated technicians and engineers already testing out the patches and evaluating organizations that were most at risk. Patches for both SonicWALL and Microsoft were deployed out across firewalls, servers, and workstations quietly in the background. This was a major effort to secure networks while making sure that organizational operations were unaffected.
Patching and Updates
Patching is often talked about as an activity that most organizations don’t like, value, or understand. Technicians have often been greeted with grumbling or even irritation when suggesting running updates on computers:
“Every time I run an update my wireless mouse stops connecting to my laptop until I unplug/plug it back in” – Everyone who ever owned a wireless mouse
Yes, unfortunately there can be some inconveniences to the patching and updates. However Microsoft continues to work on patches that cause less uproar and are directed towards securing and maintaining the integrity of your operating system. Integris focuses on communicating with you as a client on patches that may provide some disruption. Even after you are made aware of these changes, Integris will quickly plan and execute at times that make the most sense for your organization, while still maintaining defenses.
In the meantime, for patches and updates that do not disrupt your operations, sit back and relax. For you, No Action Required!