How to plan in advance for security updates !!!

If you have some years of experience in the field of information security, you must have seen a couple of famous Internet worms hit your network and cause damage to your environment. Many network or security administrators remember to patch their network only after they have been hit by attackers or worms, and honestly speaking, that is terrible for a security guy…

The Microsoft Security Bulletin Advance Notification, released every month, is intended to let security people plan 3 days ahead of the release of the Microsoft security updates. The Microsoft Security Bulletin Advance Notification includes information about:

  • The number of new security updates
  • The software affected
  • The severity levels of the vulnerabilities
  • Information about any detection tools relevant to the updates
Now the question is, what can a security admin do with all this information?

Before I answer this question, let me take you through the process of how a worm or an exploit is created. Websites like Security Focus, Secunia and many more publish security advisories about the most recent security vulnerabilities in different software. Since Microsoft is a big company with so much software, some of these vulnerabilities, with different severity levels, are found in Microsoft software and operating systems.
So what hackers do is check these websites every day, find the critical security bugs and write exploits or worms for them. The Microsoft Security Response Center releases security updates for all those vulnerabilities once a month (the second Tuesday of the month), so we can say that hackers tend to stay ahead: they write the exploits and worms and let them out onto the Internet before the updates are out. Since writing a worm is not a very short process, and a pretty advanced one can take weeks, there are usually some days left for a security admin to take action.
What could be the action?
  1. Check the Microsoft Security Bulletin Advance Notification 3 days before the updates are out.
  2. Check whether any of the affected operating systems and software are present in your network environment.
  3. Check whether any of them is placed in a critical part of your network, like the network edge.
  4. If they are, the security risk is critical (High) and the vulnerability is a Denial of Service vulnerability, then you could place a firewall in front of the affected server, facing the Internet. If you have a virtual edge and DMZ, this is done more easily, since that setup is more dynamic. (Check out this blog post of mine)
  5. If the vulnerability is critical but it is a buffer overflow or any other kind of vulnerability, then you need to go deeper to see which port or which service on the server causes the security problem, and then filter that port or disable the service, provided that does not cause any network disruption.
  6. Keep an eye on the log files of the affected servers and services and enable alerting, so that you are aware of any attacks.
You should take this advice seriously if you want to stay safe against any possible attacks. Remember that prevention is always better than cure.
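Steps 2 to 5 above are a matching and prioritisation exercise, and it helps to keep it scripted so the 3-day window is not spent reading spreadsheets. The following Python is an added example, not code from the original post: it matches a constructed advance-notification list (product, severity, vulnerability class, service port) against a constructed host inventory with network zones, ranks the hits with critical-severity and edge-placed hosts first, and attaches the interim action the post recommends (firewall for a denial-of-service bug, port filter or service shutdown for anything else critical at the edge, plain patch-and-monitor otherwise). The zone names, severity labels and the decision to treat the DMZ as exposed are assumptions for the example; the bulletin data and hosts are made up, not a real bulletin or network.

```python
"""Added example: map an advance-notification list onto a host inventory.

Both data sets below are constructed samples, not a real Microsoft bulletin
or a real network; product names, ports and hosts are illustrative only.
"""

# Constructed advance-notification entries: product, severity, vulnerability
# class, and the service port the affected component listens on (when known).
ADVISORY = [
    {"product": "Windows Server 2003", "severity": "Critical",
     "vuln_type": "buffer overflow", "port": 445},
    {"product": "Internet Information Services 6.0", "severity": "Critical",
     "vuln_type": "denial of service", "port": 80},
    {"product": "Office 2003", "severity": "Important",
     "vuln_type": "remote code execution", "port": None},
]

# Constructed inventory: host, installed products, and network zone.
INVENTORY = [
    {"host": "web01", "zone": "edge",
     "products": ["Windows Server 2003", "Internet Information Services 6.0"]},
    {"host": "file01", "zone": "internal", "products": ["Windows Server 2003"]},
    {"host": "ws17", "zone": "internal", "products": ["Windows XP", "Office 2003"]},
    {"host": "db01", "zone": "internal", "products": ["Windows Server 2008"]},
]

# Assumed zone and severity orderings (lower rank = more urgent).
ZONE_RANK = {"edge": 0, "dmz": 1, "internal": 2}
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}


def recommend(entry, zone):
    """Interim action for one affected product on a host in `zone`,
    following steps 4 and 5 of the post for critical exposure at the edge."""
    exposed = entry["severity"] == "Critical" and zone in ("edge", "dmz")
    if not exposed:
        return "patch on release; watch service logs"
    if entry["vuln_type"] == "denial of service":
        return "place a firewall between the server and the Internet until patched"
    if entry["port"] is not None:
        return f"filter TCP/{entry['port']} or disable the service until patched"
    return "disable or isolate the affected component until patched"


def triage(inventory, advisory):
    """Return one finding per affected product found on each host,
    sorted most urgent first (severity, then zone, then host name)."""
    by_product = {a["product"]: a for a in advisory}
    findings = []
    for asset in inventory:
        for product in asset["products"]:
            entry = by_product.get(product)
            if entry is None:
                continue  # host runs nothing named in this notification
            findings.append({
                "host": asset["host"],
                "product": product,
                "severity": entry["severity"],
                "zone": asset["zone"],
                "action": recommend(entry, asset["zone"]),
            })
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 9),
                                 ZONE_RANK.get(f["zone"], 9),
                                 f["host"]))
    return findings


if __name__ == "__main__":
    for f in triage(INVENTORY, ADVISORY):
        print(f"{f['host']:<8}{f['zone']:<10}{f['severity']:<10}"
              f"{f['product']}: {f['action']}")
```

Replace the two constructed lists with an export from your asset inventory and the products named in the current notification; the sort order puts the edge-facing critical hits at the top, which is where the few days before the release are best spent.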
Best Wishes
Esmaeil
