Blog / You Should Upgrade or Remove Old Software – It Could Be a Source of Unrealized Vulnerabilities
One of my responsibilities here at TRINUS is to perform Security Audits. I have done it for numerous clients, as well as internally for TRINUS itself. You could say I get a bit of a kick out of turning over rocks and things. That would be true; I totally love to explore and find the weird, overlooked things that hide in the cracks of people’s networks. I feel like Jack Skellington in “Christmas Town”, going: “What’s this? What’s this?”, as I’m poking around.
Some customers seem to have a misconception about the purpose of these audits. They aren’t meant to find ‘problems’ or to imply that anyone is doing a poor job. At the same time, they aren’t an excuse to prop up your security posture by saying you performed an audit, so all is well. They’re intended to find the things you hadn’t considered, maybe even things that have been forgotten about.
An organization’s network grows and changes over time. Projects overlap, and in the rush things get forgotten. What I often find are holdovers: the last pieces of services discontinued long ago, where someone simply forgot to remove one final fragment. It happens all the time. If you don’t go looking for it, you won’t find it, but an attacker could spot it and try to use it against you.
There’s one common thread in every Security Audit: outdated and/or unpatched software accounts for the vast majority of the vulnerabilities and issues I find.
When most people think of someone attacking their computer, they picture a person hacking in over the network. It’s easy to forget that sometimes the attacker is just a file: a file set up in a particular way so that, if it’s opened with specific software, it can do something unpleasant. An example would be an Office document with macros. Despite this being a well-known way to get your computer compromised, there are phishing attacks using this exact method right now, because it works.
Office is not the only way to pull this off. There is software that will let an attacker take over your computer if you open a specially crafted video or audio file. It’s not really the fault of the people who built the software. When you open a document of a particular type, you expect it to follow a certain format.
The problem arises when the software assumes the file follows the format it is supposed to and doesn’t properly check that it does. A length field in the file, for instance, may be trusted as written, which lets an attacker feed data into parts of the program the designers never expected it to reach. This succeeds because attackers know how to break the software ‘just right’ in order to exploit the situation to their own ends.
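To make the previous paragraph concrete, here is an added example (not code from the original post or from any real media player): a parser for a small, invented container format called “DEMO” that carries a title chunk with a declared length. The first parser trusts the length written into the file, exactly the mistake described above; the second checks the length against both the bytes actually present and the destination buffer before copying. The format, the function names and the sample files are all constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical container format invented for this example:
 *   4 bytes magic "DEMO"
 *   then repeated chunks: 1 byte type, 4 byte little-endian length, payload.
 * Chunk type 0x01 is a "title" string the viewer copies into a fixed buffer. */
#define TITLE_CAP   32
#define CHUNK_TITLE 0x01

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable: trusts the length field written into the file. dst_cap is
 * accepted but never consulted, so a declared length larger than the
 * destination overruns whatever sits after it. */
int parse_title_trusting(const uint8_t *file, size_t file_len, char *dst, size_t dst_cap) {
    (void)dst_cap;
    if (file_len < 4 || memcmp(file, "DEMO", 4) != 0) return -1;
    size_t off = 4;
    while (off + 5 <= file_len) {
        uint8_t type = file[off];
        uint32_t len = rd_le32(file + off + 1);
        off += 5;
        if (type == CHUNK_TITLE) {
            memcpy(dst, file + off, len);   /* BUG: len never checked against dst */
            dst[len] = '\0';
            return 0;
        }
        off += len;
    }
    return -2;   /* no title chunk */
}

/* Hardened: every length is checked against the bytes actually present and
 * against the destination before anything is copied. */
int parse_title_checked(const uint8_t *file, size_t file_len, char *dst, size_t dst_cap) {
    if (dst_cap == 0) return -1;
    if (file_len < 4 || memcmp(file, "DEMO", 4) != 0) return -1;
    size_t off = 4;
    while (off + 5 <= file_len) {
        uint8_t type = file[off];
        uint32_t len = rd_le32(file + off + 1);
        off += 5;
        if (len > file_len - off) return -3;      /* declared length runs past the file */
        if (type == CHUNK_TITLE) {
            if (len >= dst_cap) return -4;         /* would not fit together with its NUL */
            memcpy(dst, file + off, len);
            dst[len] = '\0';
            return 0;
        }
        off += len;
    }
    return -2;
}

/* Constructed sample input: magic, one title chunk whose header declares
 * declared_len bytes, followed by payload_len bytes of 'A'. Returns the total
 * size, or 0 if it does not fit in out. */
size_t build_demo_file(uint8_t *out, size_t cap, uint32_t declared_len, size_t payload_len) {
    if (cap < 9 + payload_len) return 0;
    memcpy(out, "DEMO", 4);
    out[4] = CHUNK_TITLE;
    out[5] = (uint8_t)declared_len;         out[6] = (uint8_t)(declared_len >> 8);
    out[7] = (uint8_t)(declared_len >> 16); out[8] = (uint8_t)(declared_len >> 24);
    memset(out + 9, 'A', payload_len);
    return 9 + payload_len;
}

/* Trusting parser on a file whose title chunk declares (and carries) 64 bytes.
 * The destination is a 96-byte arena of which only the first TITLE_CAP bytes
 * are the "title"; the 'x' bytes after it stand in for a neighbouring variable.
 * Returns how many of those neighbouring bytes were overwritten. */
int demo_overrun(void) {
    uint8_t file[128];
    size_t n = build_demo_file(file, sizeof file, 64, 64);
    char arena[96];
    memset(arena, 'x', sizeof arena);
    if (parse_title_trusting(file, n, arena, TITLE_CAP) != 0) return -1;
    int smashed = 0;
    for (int i = TITLE_CAP; i < (int)sizeof arena; i++) if (arena[i] != 'x') smashed++;
    return smashed;   /* 32 bytes of 'A' plus the NUL terminator: 33 */
}

/* Same oversized chunk against the checked parser: refused before any copy. */
int demo_checked_rejects_oversize(void) {
    uint8_t file[128];
    size_t n = build_demo_file(file, sizeof file, 64, 64);
    char title[TITLE_CAP];
    return parse_title_checked(file, n, title, sizeof title);   /* -4 */
}

/* A file that lies about its length: declares 0xFFFFFFFF but carries 5 bytes. */
int demo_checked_rejects_lying_length(void) {
    uint8_t file[64];
    size_t n = build_demo_file(file, sizeof file, 0xFFFFFFFFu, 5);
    char title[TITLE_CAP];
    return parse_title_checked(file, n, title, sizeof title);   /* -3 */
}

/* A well-formed file is accepted and its title ("AAAAA") copied out. */
int demo_benign(char *out, size_t out_cap) {
    uint8_t file[64];
    size_t n = build_demo_file(file, sizeof file, 5, 5);
    return parse_title_checked(file, n, out, out_cap);
}

int main(void) {
    printf("trusting parser smashed %d bytes past the title buffer\n", demo_overrun());
    printf("checked parser returns %d (oversize) and %d (lying length)\n",
           demo_checked_rejects_oversize(), demo_checked_rejects_lying_length());
    return 0;
}
```

The overrun demonstration deliberately keeps the copy inside a larger arena so the program itself stays well-defined; in a real viewer the bytes after the title buffer would be other variables, a saved return address or heap metadata, which is what the attacker who crafted the length field is counting on. Note that the checked parser validates the length against the file before it even looks at the chunk type, so a lying length cannot be used to skip the parser past the end of the data either.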
If you have any questions about making a Software Inventory, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.