Information about exploits is purposely limited at this time, but the basic situation is that hackers can confuse the browser’s engine and then perform a classic privilege escalation operation, allowing the attacker to read and write data on an endpoint without permission.
Microsoft and Google, as well as nearly every security analyst, suggest you update Chrome and Edge immediately to avoid the problem. For large and complex enterprises, this is easier said than done! Finding and fixing all vulnerabilities is hard.
In fact, surveys have shown that nearly one-third of all detected vulnerabilities remain open after a year, and 25% are never remediated.1 At the same time, as many as 60% of organizations said that at least one recent data breach occurred because a patch was available for a vulnerability but was not applied.2
Why is this happening?
In interviews with dozens of HCL customers, the reasons for the shortfalls fell into one or more of these categories:
- “…Due to the sheer volume of reported vulnerabilities,
- …and the use of ineffective prioritization schemes,
- …the fact that patching can break and disrupt systems,
- …as well as resource constraints”
Enter BigFix: For many years, BigFix has been the essential solution to mitigate and patch every endpoint in your environment, before, during and after threats arrive.
For cases like the Chrome CVE-2022-1096 vulnerability, BigFix customers have always had the ability to automate finding and fixing issues faster than any other solution. With exceptionally urgent vulnerabilities like this, we support our customers even further by quickly developing, testing and delivering patches along with specialized reporting and mitigation tools that automatically appear in their BigFix console. These capabilities can appear within 24 hours after initial discovery, with more complex vulnerabilities taking longer.
BigFix engineers are ever vigilant for emerging threats so you don’t have to be. The native BigFix content streaming service provides near real-time content that has already been tested and quality assured, freeing you from having to develop and deliver your own patches.
Enterprises are not defenseless if they begin shoring up their defenses now to repel future attacks.
Our recommendation for Chrome CVE-2022-1096:
- Use BigFix to quickly identify and report on vulnerable systems, as well as investigate any initial anomalies.
- Use BigFix Inventory to find vulnerable instances of Chrome and Edge.
- Keep abreast of new and updated Fixlets on an ongoing basis. The latest Fixlets will continue to be made available as your BigFix team works on this around the clock.
- Seek additional help, if needed, from forum.bigfix.com and support.hcltechsw.com.
- During: If an attack comes, isolate affected systems to prevent lateral movement of the attack.
- After: Let’s hope a real attack never comes, but if one does, follow these suggestions:
  - Assess what happened in order to improve IT and security processes to defend against the next attack.
  - Assess IT’s policies, processes, people and systems to ensure everything is working together. Most CISOs will tell you that you need visibility into every nook and cranny of the environment, from internal servers and cloud environments to remote endpoints.
  - Also, ask some relevant questions, such as: Was disaster recovery effective in getting systems back up quickly? Does the organization have the data it needs to understand how the attack occurred? Did the security and ops teams align during the attack to contain the damage? How might alignment be improved?
Patching isn’t just an IT operations problem; it’s also an IT security problem. Highly organized cybercriminals are constantly searching for vulnerabilities in the software and systems on which organizations depend. Patching isn’t a simple task in complex and constantly changing modern IT environments. These challenges are better addressed by an automated approach to patch management, and BigFix is battle-tested and the leading solution to solve the problem.
1 “Persistent Vulnerabilities, Their Causes and the Path Forward,” Tenable Research, June 2020.
2 “Costs and Consequences of Gaps in Vulnerability Response,” an independent survey conducted by Ponemon Institute LLC on behalf of ServiceNow, October 2019.