Don't be lazy in patching - hackers love it - Zyxel, Fortinet and Magento examples
Take action: Patching is hard. Many systems are left unpatched out of fear of breaking things, lack of time, laziness or infinite optimism. Hackers love us for all of this. Do the work, and don't be optimistic. You don't get an award for patching, but when a five-year-old vulnerability gets exploited, you will get A LOT of questions.
Learn More
Patching your systems is always hard, can break things, requires after-hours activities and can take a long time. We are all guilty of ignoring an advisory and kicking the can down the road. Hackers love this behaviour, since they can exploit old unpatched vulnerabilities with automated tooling and almost no expense for them.
Here are three current, very serious examples of us behaving badly, and why patching matters.
- The Gafgyt botnet malware is exploiting a five-year-old vulnerability in Zyxel P660HN-T1A routers. The flaw, tracked as CVE-2017-18368, is an unauthenticated command injection vulnerability in the router's Remote System Log forwarding function. Zyxel patched it in 2017 and warned about the Gafgyt variant in 2019, urging firmware updates. Despite this, attack volume remains high, averaging 7,100 attempts a day since July 2023. Zyxel, noting the router's end-of-life status, advises users to upgrade to newer models.
- A persistent exploit campaign is currently targeting ecommerce sites running Adobe's open-source Magento 2 software, focusing on a critical vulnerability, CVE-2022-24086 (CVSS3 score 9.8), which was initially patched on February 13, 2022. Researchers at the cybersecurity firm Akamai have identified a server-side template injection campaign aimed at unpatched Magento 2 shops. Termed "Xurum," this campaign has been active since at least January 2023, primarily aiming to extract payment data from recent orders placed on the targeted Magento stores.
- Attackers are actively exploiting a critical Fortinet FortiOS and FortiProxy vulnerability tracked as CVE-2023-27997 (CVSS score: 9.2). The flaw, described as a heap-based buffer overflow, could enable remote attackers to execute arbitrary code or commands through specifically crafted requests to the FortiOS and FortiProxy SSL-VPN. The vulnerability was reported and patched in June 2023. Security firm Bishop Fox found approximately 490,000 affected SSL VPN interfaces exposed on the internet, with around 69% (335,000) still unpatched despite available patches and public exploits.
Is your infrastructure exposed to these vulnerabilities? Even more important, do you have other unpatched components in your infrastructure that have been exposed for years?
Visibility helps: keep thinking about how you inventory your systems, because only then can you start asking which of them are unpatched, and for how long.
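One way to turn that inventory question into numbers, as an added illustration that is not part of the original article: match each asset against the three advisories above and report how many days each fix has been available but not applied. The hostnames, the patched-on dates and the approximate fix dates for the Zyxel and Fortinet advisories are constructed assumptions; only the Magento date and the CVE identifiers come from the text.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Advisory records built from the three cases in the article. Fix dates for Zyxel
# and Fortinet are approximated from the year/month the text gives (assumption);
# the Magento date is the one stated. "eol" mirrors Zyxel's end-of-life notice.
ADVISORIES = {
    "CVE-2017-18368": {"product": "Zyxel P660HN-T1A", "fix_available": date(2017, 1, 1), "eol": True},
    "CVE-2022-24086": {"product": "Magento 2", "fix_available": date(2022, 2, 13), "eol": False},
    "CVE-2023-27997": {"product": "FortiOS SSL-VPN", "fix_available": date(2023, 6, 1), "eol": False},
}

@dataclass
class Asset:
    hostname: str
    product: str
    patched_on: Optional[date]  # None means the fix was never applied

def exposure_report(assets, today):
    """One finding per asset/advisory match: patch lag in days and the required action."""
    findings = []
    for asset in assets:
        for cve, adv in ADVISORIES.items():
            if adv["product"] != asset.product:
                continue
            if asset.patched_on is None:
                lag = (today - adv["fix_available"]).days  # still open, so the lag keeps growing
                action = "replace (end-of-life)" if adv["eol"] else "patch now"
                status = "EXPOSED"
            else:
                lag = (asset.patched_on - adv["fix_available"]).days  # how long the window stayed open
                action, status = "none", "patched"
            findings.append({"host": asset.hostname, "cve": cve, "status": status,
                             "lag_days": lag, "action": action})
    return findings

def demo_report():
    """Constructed inventory with hypothetical hostnames, checked as of 2023-09-01."""
    inventory = [
        Asset("branch-rtr-01", "Zyxel P660HN-T1A", None),
        Asset("shop-web-01", "Magento 2", date(2022, 3, 15)),
        Asset("vpn-edge-01", "FortiOS SSL-VPN", None),
    ]
    return exposure_report(inventory, date(2023, 9, 1))

if __name__ == "__main__":
    for f in demo_report():
        print(f"{f['host']:<14} {f['cve']:<15} {f['status']:<8} lag={f['lag_days']:>5}d  action={f['action']}")
```

The end-of-life branch matters: for the Zyxel case the only real remediation the vendor offers is replacement, so a report that merely says "patch" would hide that.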