With so many challenges and so few resources, it's easy to adopt an 'if it ain't broke, don't fix it' mentality. However, functioning systems age, and if security and vendor alerts are not taken seriously, those systems increase your risk by leaving known security and application exploits exposed.
Basic work in any organization requires browser and printing capabilities. This month, zero-day alerts were issued for both Microsoft Internet Explorer and Mozilla Firefox. In addition, printer security flaws grew with a new CVE discovery for the Lexmark printing service. A reminder: the software that helps manage and extend printer functionality gets installed on supporting systems or desktops and also needs to be included in your vulnerability management overview.
Printers and their supporting software are a common vector for attackers to leverage. Because they are such a common entity within a business, they represent a large footprint to target. They are also an overlooked security risk, suffering from outdated firmware and pending security updates. Recently, adding to the list of vulnerabilities, a TECH LOCK pen tester discovered a Lexmark printing vulnerability. The flaw allows directory traversal on the system where Lexmark Service Manager (LSM) is installed, so files can be extracted from that operating system. LSM is no longer supported by Lexmark, but it is probably still running for users who have not migrated to the recommended Lexmark Asset Manager (LRAM) service. Reviewing printer security and associated services, along with vendor recommendations, should not be forgotten. They are as important as any other system your business relies on.
Browsers are also a tricky area for security management. They interface with industry-specific software and applications that support only a limited set of browser types and versions. The most recent browser is often not yet supported by these applications because application and validation testing takes time. What is alarming is the recent zero-day alerts. The Firefox vulnerability allows manipulation based on data types that causes unexpected consequences in data processing, opening the capability to execute code on the system. A patch that blocks this issue is available today, but any vulnerability capable of Remote Code Execution (RCE) should move to the top of your patch prioritization list. The Microsoft IE vulnerability is also classified as an RCE, allowing for the potential creation of new accounts and code execution. Microsoft recommends using the other, newer browsers available with its operating systems and will provide a software fix in its next "Patch Tuesday". Although IE is no longer the default browser in the latest Windows OS versions, the browser is still installed within current Windows operating systems.
Another challenge with browser security results from users who are either reluctant to change or are simply unaware of the need to update or upgrade. For these reasons, it is recommended that organizations limit the number of supported browsers and communicate this to users through awareness training.
Practical Security Steps
While these vulnerabilities are challenges, here are some recommendations that can help minimize your risk:
- Run all software as a nonprivileged user with minimal access rights
- Use network segmentation and monitor internal traffic to and from your printers
- Have endpoint threat detection capabilities that monitor for in-memory executions and alert on any administrative changes to a system
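The monitoring recommendations above can be applied to the LSM directory traversal described earlier: a request log from the printer management host can be checked for `..` segments, including percent-encoded forms that a naive string match misses. The following is an added example, not TECH LOCK's or Lexmark's code; it assumes the service writes Apache-style access-log lines (the `/lsm/...` paths and the log lines themselves are constructed for illustration).

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real LSM output): a normal status request,
# a plain traversal attempt, a percent-encoded one, and a legitimate file download.
SAMPLE_LOG = """\
10.0.5.21 - - [02/Apr/2019:10:01:12 +0000] "GET /lsm/status HTTP/1.1" 200 512
10.0.9.77 - - [02/Apr/2019:10:02:45 +0000] "GET /lsm/download?file=../../../../etc/passwd HTTP/1.1" 200 2048
10.0.9.77 - - [02/Apr/2019:10:02:51 +0000] "GET /lsm/download?file=..%2F..%2Fwindows%2Fwin.ini HTTP/1.1" 200 403
10.0.5.22 - - [02/Apr/2019:10:03:03 +0000] "GET /lsm/download?file=report.pdf HTTP/1.1" 200 9981
"""

# Common log format: source, identity, user, [timestamp], "METHOD path proto", status, size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)

# A '..' that stands alone as a path segment (either separator, at either end).
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def decode_path(path, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences (..%252F) are caught too."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(path):
    """True if the decoded path, or any query-string value, contains a '..' segment."""
    decoded = decode_path(path).replace('\\', '/')   # normalise Windows separators
    candidates = [decoded.split('?', 1)[0]]
    if '?' in decoded:
        # Check each query value on its own so 'file=../x' is caught at the value start.
        for kv in decoded.split('?', 1)[1].split('&'):
            candidates.append(kv.split('=', 1)[-1])
    return any(TRAVERSAL_RE.search(c) for c in candidates)


def find_traversal_attempts(log_text):
    """Return (source_ip, status, decoded_path) for each request carrying a traversal.
    A 200 status on such a request is the one to page on: the file was likely served."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m['path']):
            hits.append((m['src'], int(m['status']), decode_path(m['path'])))
    return hits
```

Running `find_traversal_attempts(SAMPLE_LOG)` flags the two requests from 10.0.9.77 and leaves the status check and the plain `report.pdf` download alone.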
TECH LOCK can help you understand and streamline the vulnerability management of your organization. From scanning to prioritizing the most dangerous vulnerabilities with specific recommendations for patching, we stand by you to protect your business.