Welcome to 2022 and a new year of patch management excitement! I’m rapidly approaching 40 years working in this industry and I can honestly say there is rarely a dull day. If you are willing to take on the challenges presented, it is a great industry to work in and I hope you all are excited to start the new year too. Let’s look at some recent events which will be influencing this month’s patch releases.
I closed out last month’s forecast article calling 2021 the ‘year of supply chain attacks’ and that trend is continuing. Malware in the Atera Remote Management Software is taking advantage of Microsoft’s digital signature verification vulnerabilities from as far back as 2012 to load ZLoader and steal account credentials.
Even though these vulnerabilities were fixed, the changes are not enabled by default. Microsoft Security Advisory 2915720 from 2017 provides more details on the Authenticode and WinVerify Trust functionality with recommendations for action. Despite the old vulnerabilities, this is a new attack and I’m sure we will be hearing more from Microsoft, with potential changes in next week’s patches.
The zero-day vulnerability in the Apache Log4j Java-based logging library took the software industry by storm in mid-December. This library is widely used in both enterprise and cloud service software. Even though Apache released the zero-day fix for CVE-2021-44228, it takes a while for companies who use this library to update, test, and release a new version.
To complicate the situation, a total of four additional CVEs associated with the Log4Shell bug have been identified in the last month, the latest being CVE-2021-44832. Keeping the industry churning, Apache released multiple updates with this library, now up to version 2.17.1. SaaS products can be quickly updated under DevOps but updating traditional software products in the field can take much longer, leaving them vulnerable to exploitation.
Microsoft has been busy leading up to the first Patch Tuesday of 2022. It released an out-of-band update for Windows servers that “experience a black screen, slow sign in, or general slowness,” These updates were initially a limited release, but are…