Some security pros have already taken to calling the Wednesday after Microsoft’s monthly patch update “Exploit Wednesday.” But perhaps more troubling is that hackers have found they can widen their window further by releasing exploits just before Patch Tuesday, a trend highlighted by December’s spate of Word exploit discoveries.
“That is a trend we have been noticing over the past couple of months,” says Eng-Wee Yeo, senior security consultant for Shavlik Technologies. “It has gotten to the point where the window for these exploits opens up to a week before Patch Tuesday.”
Exacerbating the effect of these zero-day attacks are the targets they are locking in on, says Marc Maiffret, chief technology officer for eEye Digital. Many of these attacks, he says, take advantage of flaws in programs such as Word and Internet Explorer to easily bypass perimeter security.
“The timeliness of these exploits is compounded by the nature of the attacks themselves,” says Maiffret, who emphasizes that organizations should be relying on a number of client-side defenses to protect against these zero-day attacks, rather than depending on perimeter protection and patching alone.
Beyond using proactive technology to protect against zero-day attacks, Yeo also says that security pros can arm themselves with information about the attacks to mitigate risk. Often this information can come straight from your security vendor, he says.
According to Alan Shimel, chief executive officer for StillSecure, it is the duty of any organization’s security company to be able to provide these kinds of recommendations, even in the face of zero-day risks that may stay unpatched for long stretches.
“If your security vendor is just waiting for Microsoft to come out with patches, it is time to go find yourself another security vendor,” Shimel says. — EC