
Ghost of Patch Tuesday Past: Making Threat Intel Actionable

12.11.2019

By Todd Weller – Chief Strategy Officer

It’s that time of year, so holiday metaphors flow. Even the corny ones (had to Google whether I’m actually allowed to use this word anymore!) seem to emit a warm feeling this time of year.

Yesterday was Patch Tuesday. Back in the 2000s, Patch Tuesdays (Microsoft started these in October 2003, by the way) were exciting and highly anticipated events, particularly given all of the security issues associated with Microsoft’s platform. Threats like Code Red and NIMDA come to mind.

Over the last ten years, Patch Tuesday has become a ho-hum, normal, every-month occurrence. However, from time to time, interesting ones emerge. My interest is particularly piqued when I start to get alerts from our threat intelligence partners, including ISAC/ISAO partners.

The most recent Patch Tuesday is worth noting because there are serious security implications associated with this one. We’re talking zero-days! Specifically, a Microsoft zero-day that is being actively exploited, along with a recently discovered zero-day in Google’s Chrome. From the alert:

Microsoft Patches Zero-Day that is Actively Being Exploited

“This Patch Tuesday includes 36 vulnerabilities with seven of them rated as critical. Importantly, it includes a recently discovered zero-day bug. Zero-days by themselves are interesting and important to be aware of, but it becomes more critical when there are active exploits occurring. That’s the case here. The specific zero-day bug is CVE-2019-1458 – Win32k Elevation of Privilege Vulnerability. The exploit associated with this enables attackers to gain higher privileges on the infected machine.”

But wait there’s more!

The exploit also enables attackers to avoid protection mechanisms in Google’s Chrome browser. In fact, it seems the Microsoft zero-day was discovered by researchers at security firm Kaspersky as part of their discovery of a separate zero-day exploit for Google Chrome.

Making Threat Intelligence Actionable

These events offer a great opportunity to illustrate the benefits of making threat intelligence actionable. Let’s start at the beginning. First, we receive notice of the existence of a specific threat. In this case, we have learned about an exploit in the wild that is taking advantage of specific vulnerabilities in certain Microsoft products and the Google Chrome browser. Second, given the pervasiveness of the affected products, the obvious next step is probably going to be updating your software as rapidly as possible. However, if we were looking at a more narrowly focused threat, then the next step would be determined by your exposure to the threat. Should you care about the threat itself? Should you care about the vulnerability? If you do care, how do you prioritize vulnerability remediation? For example, correlating threat intelligence with your vulnerability management information can help you identify the threats you should care about and prioritize vulnerability remediation. Each of these questions and corresponding actions takes time and resources, during which your network may be open to compromise.
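The correlation step described above, as an added example that is not part of the original post or of any Threater product: a threat-intelligence feed is joined against vulnerability-scanner findings so that feed entries with no matching host are set aside (no exposure) and the remaining findings are ranked for patching by vendor severity, in-the-wild exploitation and host role. CVE-2019-1458 is the identifier named in the alert; every other CVE, host name, role and scoring weight is a constructed assumption for illustration.

```python
"""Added example: correlate a threat-intelligence feed with vulnerability-scan
findings to decide which alerts matter and in what order to patch.

Only CVE-2019-1458 is taken from the post. All other identifiers, hosts and
the scoring weights are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ThreatIntel:
    """One entry from a threat-intelligence feed (constructed schema)."""
    cve: str
    actively_exploited: bool
    severity: str  # "critical", "important", "moderate" or "low"


@dataclass(frozen=True)
class Finding:
    """One vulnerability-scanner result: this host still has this CVE unpatched."""
    host: str
    cve: str
    role: str  # "domain-controller", "server" or "workstation"


# Assumed weights: vendor severity, a large bonus for in-the-wild exploitation,
# and a small bump for hosts whose compromise matters more.
SEVERITY_WEIGHT = {"critical": 4, "important": 3, "moderate": 2, "low": 1}
EXPLOITED_BONUS = 5
ROLE_WEIGHT = {"domain-controller": 2, "server": 1, "workstation": 0}


def score_finding(finding: Finding, intel: ThreatIntel) -> int:
    """Higher score means patch sooner."""
    score = SEVERITY_WEIGHT.get(intel.severity, 0) + ROLE_WEIGHT.get(finding.role, 0)
    if intel.actively_exploited:
        score += EXPLOITED_BONUS
    return score


def correlate(
    feed: List[ThreatIntel], findings: List[Finding]
) -> Tuple[List[Tuple[int, Finding]], List[str]]:
    """Return (prioritized findings, feed CVEs with no exposure on this network).

    A feed entry with no matching finding does not apply to this network and
    can be deprioritized; each matching finding is scored and the list sorted
    so the patching queue reflects both threat activity and exposure.
    """
    intel_by_cve: Dict[str, ThreatIntel] = {t.cve: t for t in feed}
    prioritized: List[Tuple[int, Finding]] = []
    exposed_cves = set()
    for finding in findings:
        intel = intel_by_cve.get(finding.cve)
        if intel is None:
            continue  # scanner hit, but not part of the current alert
        exposed_cves.add(finding.cve)
        prioritized.append((score_finding(finding, intel), finding))
    prioritized.sort(key=lambda item: (-item[0], item[1].host))
    not_exposed = sorted(cve for cve in intel_by_cve if cve not in exposed_cves)
    return prioritized, not_exposed


# Constructed sample feed: CVE-2019-1458 is the zero-day named in the post
# (severity value assumed here); the CVE-XXXX identifiers are placeholders.
SAMPLE_FEED = [
    ThreatIntel("CVE-2019-1458", actively_exploited=True, severity="important"),
    ThreatIntel("CVE-XXXX-0001", actively_exploited=False, severity="critical"),
    ThreatIntel("CVE-XXXX-0002", actively_exploited=False, severity="critical"),
]

# Constructed scanner output for three hosts.
SAMPLE_FINDINGS = [
    Finding("ws-17", "CVE-2019-1458", "workstation"),
    Finding("dc-01", "CVE-2019-1458", "domain-controller"),
    Finding("app-02", "CVE-XXXX-0001", "server"),
    Finding("ws-17", "CVE-XXXX-0009", "workstation"),  # not in the alert feed
]

if __name__ == "__main__":
    queue, quiet = correlate(SAMPLE_FEED, SAMPLE_FINDINGS)
    for score, finding in queue:
        print(f"{score:2d}  {finding.host:<8} {finding.cve}")
    print("no exposure on this network:", ", ".join(quiet))
```

Run as a script, the queue puts the actively exploited CVE on the domain controller first, the same CVE on a workstation second, and the critical-but-not-exploited server finding last, while the feed entry nobody is exposed to is reported separately; the weights are the part a team would tune to its own risk appetite.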

There is a better way.

While you were going through the process of receiving the vulnerability alert outlined above, the same threat intelligence that alerted you to it could be taking automated action to protect your network from it. The Threater Threat Intelligence Gateway (TIG) aggregates threat intelligence from a wide range of high-fidelity threat intelligence providers, including commercial, open source, industry, and government sources. We also enable integration of threat intelligence from multiple sources, including threat intelligence platforms, SIEMs, and other systems. What’s more, the Threater Threat Intelligence Gateway is updated automatically, providing critical, up-to-the-minute protection. Simply put, the Threater TIG provides both protection and peace of mind, helping to protect your network from the attacks so that you can spend your time updating the software and patching the vulnerabilities.

For more on how the Threater Threat Intelligence Gateway can help you improve network protection and make threat intelligence actionable, download our award-winning white paper, The Importance of Threat Intelligence from Multiple Sources, or find more information at www.threater.com/solutions.

For more perspectives on Patch Tuesday check out the below: