Copyright 2011 Trend Micro Inc.

Real-life patch test - vulnerabilities found in one simple server in 6 months

DESCRIPTION

Whether you patch monthly or every six months, the time and resource overhead is significant... And are you even secure? In this real-life patch test, one of our Solution Architects put a simple virtual machine through its paces, with fascinating results. Understand more about typical vulnerabilities and security updates found in even the simplest of servers, learn about the typical decisions faced by organisations trying to balance operational efficiency with security, and see how you can implement same-day protection for vulnerabilities in critical systems, even without patching or during a change freeze.

Trend Micro Confidential 04/10/2023

Whether you patch monthly…

Or every six months

The time and resource overhead is significant

And are you even secure?

One of our Solution Architects put a simple virtual machine through its paces… with fascinating results…

PATCHTEST

Simple VM built with WIN2008 R2 only… No apps, no IIS, no SQL Server

This build could equally apply to a physical server

26 July 2011

A large number of updates are available

Remember this is still only one VM running nothing more than WIN2008 R2

6 months later…

Now the hard work begins….

Look up the Knowledge Base number and find the update

09 AUG 2011… 7 important updates… 13.2MB… REBOOT REQUIRED

23 AUG 2011… 1 important update… 3.6MB… NO REBOOT

13 SEP 2011… 3 important updates… 65.4MB… NO REBOOT

11 OCT 2011… 4 important updates… 34.6MB… REBOOT REQUIRED

25 OCT 2011… 1 important update… 36K… NO REBOOT

08 NOV 2011… 2 important updates… 2.4MB… REBOOT REQUIRED

13 DEC 2011… 5 important updates… 26.1MB… REBOOT REQUIRED

29 DEC 2011… 3 important updates… 14.3MB… NO REBOOT

10 JAN 2011… 5 important updates… 19.1MB… REBOOT REQUIRED

Take a closer look at the updates

A total of 31 important security updates were announced over 6 months, with approx. every other patch requiring a reboot

RESULTS

How can you reboot a mission critical system that cannot be taken offline?

How can you reboot any system during a CHANGE FREEZE?

Significant cross-referencing and assessment of each update needs to be undertaken by a skilled administrator. What else will the update impact? What else is vulnerable? What is the impact on our risk posture?

IMPACT

Patch detail

Patch #1: Cumulative Security Update for ActiveX Killbits for Windows Server 2008 R2 x64 Edition (KB2618451), http://go.microsoft.com/fwlink/?LinkID=232507, MS11-090

RECOMMENDED

Patch #2: Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 Edition (KB2618444), http://go.microsoft.com/fwlink/?LinkID=232505, MS11-099

Patch #3: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Server 2008 R2 SP1 for x64-based Systems (KB2539635), http://go.microsoft.com/fwlink/?LinkID=218325, MS11-069

RECOMMENDED

Privately reported vulnerability

WHICH WILL YOU PATCH??

Risk Summary

Number of Security Incidents | Security Category
1 | Malicious software removal tool
7 | General / reliability updates
23 | Security updates

Some hours later and all 31 security updates located and assessed

23 out of 31 patches are related to security vulnerabilities

1 VM, 1 OS, 31 patches, 23 of which relate to security vulnerabilities

For a typical organisation with 50 servers running multiple operating systems and applications, this is a costly and resource intensive operation

Unlike the simple VM, most organisations will not be able to automatically install updates. Individual updates or batches of updates will need to be tested and deployed manually to allow for them to be backed out in case of problems during installation.

How do you balance operational efficiency with security?

You want to install the minimum number of security patches for BASE LEVEL protection

But you want visibility of all security vulnerabilities?

Virtual Patching: Proactively shield vulnerabilities in critical systems, even without patching

Solution

Trend Micro Deep Security Virtual Patching Solution

Detects and blocks known and zero-day attacks that target vulnerabilities

Shields web application vulnerabilities

Increased visibility into, or control over, applications accessing the network

Fully integrates with VMware and provides visibility at the hypervisor level, removing the risk of attacks not being visible within virtualised environments

On the same VM running WIN2008 R2

This screen shows results of Trend Micro Deep Security Recommendation Scan:

… After security updates concerning local logon, SSL protocol and kernel were discounted…

… Deep Security identified and proactively shielded 13 security updates

… And then identified and shielded a further 11 security updates for which there may be no patches

Recommendations

1. Assess the effectiveness of your patch management process

2. Calculate the cost and risk of emergency patching

3. Request a demo of Trend Micro Deep Security and see how virtual patching could reduce IT resources and costs while enhancing the security and compliance of your data centre applications

www.trendmicro.co.uk

01628 400552