Among the patches Microsoft will issue tomorrow, there are sure to be fixes for zero-day vulnerabilities – these are probably the most important as threat actors may already be exploiting them.
What is the zero-day threat?
You can find out the details here:
Are zero-day vulnerabilities exploited?
Yes, and the hackers profit from them:
UK domain registry Nominet confirms breach via Ivanti zero-day
Nominet is the official register of the top-level .UK and .WALES domains and has the responsibility for millions of users information. The investigation into the breach is ongoing but from initial results they have fallen victim to the gap between the threat actors discovering a security flaw and the resulting patch being deployed on their systems. (Let’s hope it was no applied late!)
No data breach or compromise has been discovered (yet) and the domain registration and management systems are still operational.
Your takeaway
Make sure you understand the zero-day threat and that when patches become available they are applied as soon as possible, on your computers, servers, network devices, apps, etc., etc.. Do not forget the home and hybrid workers!
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Octagon Technology has tools that can help with security patching.
