III. Exploitation on Patch Management
Although patches aim to mitigate the risks caused by information system's vulnerabilities, they may expose these systems to additional channels of attack and even be manipulated by hackers to become the carrier of malware. Universities should pay attention to the following vulnerabilities relevant to patch management.
2. Malicious Insider
IT staff responsible for applying patches to production possess privileged system access, especially such patches are for the underlying infrastructure including operating system, database, network or even BIOS. Any malicious activities done by people like them will have devastating impact on universities' IT environment.
In addition, without proper testing before production deployment, IT staffs responsible for downloading patches also have the means to alter or sabotage the information systems by providing fake patch files to the deployment team.
3. Reverse Engineering
Most major attacks tend to occur in the hours immediately following the release of a security patch, as those are the moments when IT department will be detecting, acquiring, testing and deploying the patch, therefore the system will be in a particularly vulnerable state. The common method used by attackers, upon immediate release of a security patch, is for them to reverse engineer the patch in as little time as possible, identify the vulnerability and subsequently develop and release exploit code, thus hitting information systems at their weakest moments.
| Reference: http://www.pcworld.com/article/215491/worm_planted_in_fake_microsoft_security_update.html http://www.gfi.com/lannetscan/patch-management.htm |