When enhanced security is a must
A conventional anti-virus on a PC or smartphone will prevent malicious code from being downloaded or launched. And if a traffic-scanning component has been installed, it will protect applications from code-injection attacks that exploit unpatched vulnerabilities (e.g., through nefarious images, something we’ve discussed at length in several Anti-virus Times issues): the anti-virus will prevent Trojans from meddling with vulnerable programs.
But sometimes an anti-virus can't be installed on all potentially vulnerable devices in a corporate environment. Companies are therefore advised to adopt server anti-virus solutions to protect their networks. Anti-viruses for mail servers and gateways scan inbound traffic before it is processed by PCs, servers and other devices. When anti-virus security is organised this way, the applications on these computers are protected from attacks leveraging unknown or unpatched vulnerabilities.
In this case, a typical security schematic will look like this:
However, a mail server or Internet gateway may also have vulnerabilities! Here is a recent news post:
Five vulnerabilities were patched at once in Microsoft Exchange. One of them — CVE-2018-8154 — looks particularly dangerous: an attacker just needs to send a specially crafted email to an MS Exchange server to initiate code execution with SYSTEM privileges.
A remote code execution vulnerability exists in Microsoft Exchange software whereby the software fails to properly handle objects in the memory. An attacker who has successfully exploited the vulnerability could run arbitrary code in the context of a System user. An attacker could then install programs; view, change, or delete data; or create new accounts.
A security update patching the loophole has already been released, but:
- We all remember how "often" updates are applied on server machines;
- If one vulnerability was discovered, more will follow.
And our recommended security schematic becomes more complex. Naturally, the anti-virus for Internet gateways will always be the first to scan inbound traffic. However, an anti-virus mail gateway (SMTP proxy) can be employed to scan the data flow before it reaches the mail server. The anti-virus SMTP proxy facilitates in-depth mail-traffic analysis. It has many advantages, but in our case protecting the mail server is its principal task.
Furthermore, an SMTP proxy offers many more options for scanning traffic. But that's a whole different story…
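The proxy only protects the mail server if no delivery path goes around it, and one way to check this is to audit the Received header that the mail server itself stamps on delivered messages. The following is an added example, not part of the original article or of any vendor's code; the host name exchange.corp.example, the proxy address 10.0.0.5 and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Assumed values for illustration; substitute your own hosts.
MAIL_SERVER = "exchange.corp.example"   # host that stamps the final Received header
PROXY_IP = "10.0.0.5"                   # address of the anti-virus SMTP proxy

HOP_RE = re.compile(r"from\s+(.*?)\bby\s+(\S+)", re.I | re.S)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def bypassed_proxy(raw, mail_server=MAIL_SERVER, proxy_ip=PROXY_IP):
    """True if the mail server accepted the message from a peer other than
    the proxy, False if it came from the proxy, None if no hop was stamped
    by the mail server."""
    # Received headers are prepended, so the first match is the one our own
    # server wrote; anything below it may have been forged by the sender.
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if not m or m.group(2).lower().rstrip(";") != mail_server:
            continue
        # The HELO name is chosen by the client, so compare the peer address
        # the server recorded (last IPv4 in the from-clause), not the name.
        ips = IPV4_RE.findall(m.group(1))
        return not ips or ips[-1] != proxy_ip
    return None

# Constructed sample messages (not real traffic).
VIA_PROXY = """\
Received: from avproxy.corp.example (10.0.0.5) by exchange.corp.example
 (10.0.0.10) with ESMTP id 2; Tue, 15 May 2018 10:00:02 +0000
Received: from mx.sender.example (mx.sender.example [203.0.113.7])
 by avproxy.corp.example with ESMTP id 1; Tue, 15 May 2018 10:00:01 +0000
Subject: scanned

body
"""
DIRECT = """\
Received: from avproxy.corp.example (203.0.113.7) by exchange.corp.example
 (10.0.0.10) with ESMTP id 3; Tue, 15 May 2018 10:05:00 +0000
Subject: HELO claims to be the proxy, peer address says otherwise

body
"""

if __name__ == "__main__":
    for name, raw in (("VIA_PROXY", VIA_PROXY), ("DIRECT", DIRECT)):
        print(name, "bypassed proxy:", bypassed_proxy(raw))
```

Any message flagged True means the mail server is still reachable without scanning, so its SMTP listener should be restricted to accept connections from the proxy only.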
No exploit has been discovered yet for CVE-2018-8154, which means that one could emerge at any moment.
And don’t wait for another malware outbreak to occur before updating your PC, server or smartphone!