Patch Tuesday: Zero-Day Vulnerabilities
Microsoft released its Patch Tuesday, October 13, 2021. With this, we saw 76 fixes, 3 of which are rated as critical. One critical fix to note was a zero-day vulnerability dubbed “MysterySnail.”
First, what is a zero-day vulnerability?
A zero-day vulernability or zero-day hack affects your computer software. This vulnerability is either:
- unknown to those who should be interested in its removal (in this case, Microsoft) or
- known and a patch has not been developed.
Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers, or a network. Not great.
What was so different about this zero-day?
The vulnerability contains of strings of a former zero-day. Typically, this would trigger malware to attack it, but that wasn’t the case here. The information disclosure portion of the exploit chain was identified as not bypassing a security boundary and was therefore not fixed.
This zero-day was found “in the wild.” Kinda crazy!
Those who discovered this vulnerability also found that variants of the malware were detected in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities.
What should we do?
We suggest all Thomas Guard and Thomas Group customers reboot all technology tonight to apply all fixes.
And if you’re not a TG customer, now’s the time to switch! Contact us today to get started.