This month, Microsoft has released two out-of-band patches to once again fix zero-day vulnerabilities. The proof is out there that if you are not patching your systems quickly you are leaving your organization vulnerable to these attacks. For example, three Alabama hospitals were recently attacked with ransomware. Not only is patching important but you also have other areas where you can protect your OS from Malware or Ransomware. One way you can protect your systems from ransomware is by enabling Secure Boot in your machines BIOS. Secure boot is designed to protect a system against malicious code being loaded and executed early in the boot process, before the operating system has been loaded. With BigFix, you can quickly gather information on what machines in your environment that are not using Secure Boot. Once you know which machines are vulnerable, you can use BigFix Operating System Deployment (OSD) – a component of BigFix Lifecycle, to convert the BIOS to UEFI and enable Secure Boot.
Microsoft released two out-of-band patches that fixed zero-day vulnerabilities for Internet Explorer and Windows Defender. Although these bugs do not seem to be flashy and get the same exposure as WannaCry or Spectre they are still important to patch quickly. For your organization, how quickly were you able to respond to WannaCry? How long did it take to demonstrate to your CIO and CEO that the organization was 100% patched? Did it take you weeks and months or just a few minutes to run a report? If it took you more than a few minutes, let us show you how BigFix help speed patching and patch reporting.
In October, Microsoft released fixes for 223 vulnerabilities. Over 100 of them were classified as critical. The servicing stack updates provide fixes for the servicing stack—the component that installs Windows Updates. BigFix will not allow you to install the cumulative updates unless the updated servicing stack is installed first. Therefore, it is critical that the servicing stack gets installed first in the baseline so the cumulative patch will be relevant.
Now that this patch information is available to the public, hackers can exploit systems that have not been patched. Patching is critical for organization to maintain a security posture. Speed matters. With BigFix, you can find and fix endpoints…FAST!
Author: Brad Sexton. Editors: Bob Schmidt and Cy Englert.