Third-Party Software Patching: Your Cyber Armor in 2024

Patching: the unlocked door

As an MSP, you’re not just a tech wizard; you are the guardian of your clients’ data sanctuaries. Where hackers wield virtual swords, third-party software patching is your gleaming armor. Let’s sharpen our swords and dive into why this battle matters.

Why Third-Party Patching? 

Third-party patching involves deploying updates to applications not developed by the device or OS manufacturer. These applications — think Adobe Acrobat Reader, Google Chrome, or WinZip — form the backbone of daily business operations. Yet, they’re also prime targets for cybercriminals due to potential vulnerabilities. Recent examples show the importance of third-party patching and why leaving it up to your customers and their users to keep software updated can leave them open to attack. 

Legendary Exploits 

Your customers rely on business software applications to help them deliver products and services. However, without timely updates, those applications can become a ticking time bomb, as some of these fabled exploits show.

  1. Microsoft Office (CVE-2017-11882). This vulnerability allowed remote code execution through malicious documents. Imagine a seemingly harmless Word file—once opened, it becomes a gateway for cyber intruders.
  2. Adobe Acrobat Reader (CVE-2018-7600). An example of a remote code execution flaw. Cybercriminals exploit PDF files to infiltrate systems. A harmless-looking invoice could harbor a digital serpent.
  3. CMS Platforms (e.g., Drupal, WordPress). Unpatched CMS systems are like unlocked castle doors. The Drupalgeddon vulnerability (CVE-2018-7600) allowed attackers to take control of Drupal sites. WordPress plugins also pose risks if not updated promptly. 
  4. Browser Vulnerabilities. Browsers like Google Chrome and Mozilla Firefox are frequent targets. Malicious websites exploit browser flaws to deliver malware or steal sensitive data. 
  5. Canva (CVE-2019-18935). Even creative tools aren’t immune. Canva, a popular design platform, had a vulnerability allowing remote code execution. Imagine a seemingly innocent logo design file — boom, cyber breach.

Why It’s Your Quest

  1. 75% of Attacks Knock on Third-Party Doors. Cyber fiends love these back alleys. They exploit vulnerabilities in apps like Adobe Acrobat Reader and Google Chrome. Your mission? Seal those cracks. 
  2. The art of deception could fool your clients. Imagine a dragon guarding a treasure chest. Then imagine that the dragon is malicious code masquerading as a legitimate patch. Users unwittingly download it, and boom — their castle crumbles. 

Your Battle Plan

  1. Automate Like a Wizard. Use tools that automate Patch Management with spellbinding simplicity - applying patches while you sip your digital mead. 
  2. Prioritize Like a Paladin. Identify the crown jewels — those critical apps. Patch them first. Your clients will reward you with unfailing loyalty. 
  3. Stay Vigilant. Read the scrolls (security advisories). Be the hawk-eye watching for vulnerabilities. Swiftly deploy patches like arrows from your cyber quiver. Syxsense provides an independent monthly Third-Party Round Up webinar highlighting dangers you should be aware of. 

Outlook for 2024

The horizon glimmers with promise. But so do the shadows. In 2024, cyber-storms will brew — new zero days, fresh exploits. Your clients’ castles need reinforcement. Be their beacon. Patch relentlessly. Educate zealously. Shield fiercely. 

Remember, MSPs, you’re not just tech support; you’re the knights of the digital round table. So, unsheathe your patching swords, ride forth, and let the cyber saga continue!