With so many data breaches, hacks, and cybersecurity threats in the news, it’s often hard to keep up with the scandal of the day. But when a big name like the NSA finds a major vulnerability in Microsoft’s universally used OS, it makes headlines around the world.
While most people are familiar with Microsoft and the NSA; cryptographic libraries, certification authorities, and man-in-the-middle attacks are beyond the understanding or interest of most casual readers.
In simple terms, the vulnerability can be exploited in the Windows CryptoAPI certification validation process, which then allows hackers to spoof secure webpages and fake file signatures. Admins, however, need more information, especially what an attack could mean to the organization’s day-to-day business operations.
Security shouldn’t be painful
Installing the Microsoft patch is extremely important, but despite the severity of the threat, some admins are rightfully hesitant.
In the first month of 2020 alone, there have already been nearly 1,000 common vulnerabilities and exposures (CVE) reported to the National Vulnerability Database (NVD). While critical to patch, patching alone may just be the first in a series of tasks. Often, administrators have to manage a cascading series of related remediations, patches, and configuration changes necessitated by the original patch.
When security patches repeatedly disrupt normal business activities it’s natural to become frustrated. What good is it to be secure if you can’t operate your business?
As a trusted security vendor that prides itself on improving the productivity of all users, patches like these remind us that security doesn’t have to come at the cost of sacrificing user experience.
That’s why we dug into the latest Microsoft Windows CryptoAPI vulnerability to confirm that NetMotion’s functionality is not impacted. But we didn’t stop there. We also tested the Windows patch on our machines to be sure that NetMotion will still work so that users can get back to business as quickly as possible.
Security patches – from Microsoft or anyone else – aren’t going away any time soon. In a perfect world these patches would simply fix the issue at hand and have no other impact on the business. But until then, we will continue to investigate vulnerabilities and let you know what to do to protect your organization and stay productive.
For more information, please review our customer advisory.
Have more questions? Contact us
- Ransomware – the scourge of our times
- Creating a Cyber Security Culture with former Arsenal F.C IT Director, Christelle Heikkila
- Demand for ZTNA continues its upward trajectory in 2022
- What does “cyber resilience” mean to Legal IT?
- Where are you on the machine learning and artificial intelligence roadmap?