Key Insights on Urgent 11 vulnerabilities: Stan Lowe, Zscaler

Security researchers disclosed 11 flaws in the VxWorks real-time operating system. Six of the vulnerabilities are classified as critical and enable Remote Code Execution (RCE). The remaining vulnerabilities are classified as denial of service, information leaks or logical flaws. “URGENT/11 is serious as it enables attackers to take over devices with no user interaction required, and even bypass perimeter security devices such as firewalls and NAT solutions,” the report stated. “These devastating traits make these vulnerabilities ‘wormable,’ meaning they can be used to propagate malware into and within networks. Such an attack has a severe potential, resembling that of the EternalBlue vulnerability, used to spread the WannaCry malware.”

Stan Lowe, Global CISO at Zscaler, provides insights and views on the “Urgent 11 vulnerabilities”:

1. What are these “Urgent/11” vulnerabilities that have been discovered in the TCP/IP (IPnet) networking stack?
   • They are a set of 11 critical vulnerabilities that were found by researchers in the VxWorks RTOS, in the implementation of the TCP/IP stack that it utilizes, and include things like stack overflows, heap overflows, etc., which are easy to exploit.
2. Which devices are the most vulnerable to this risk?
   • Literally any device that uses the VxWorks RTOS, including routers, medical devices, manufacturing devices, etc.
3. Who is at the center of the risk if these systems get breached?
   • The VxWorks RTOS is so widely used that there is no individual class of devices that poses more of a risk than others.
4. What are the best practices that can protect organizations from many vulnerabilities that could otherwise be exploited?

Following are some important focus areas where enterprises can reduce their vulnerabilities:

Decrypting SSL/TLS traffic:

Attackers know that many organizations allow encrypted traffic from “trusted” websites, devices and CDNs to pass uninspected because SSL inspection requires significant processing power.

IoT security:

IoT devices are notorious for poor security, and many devices appearing on enterprise networks are often employee-owned. It’s likely that many have weak, preset passwords.

Run specific scans on your network segments to try and fingerprint the VxWorks RTOS in your environment. Then the best way to prevent IoT devices from exposing your network is to isolate them on their own network (to prevent lateral movement) and restrict inbound and outbound traffic.

Patch management:

Patch the vulnerable devices that you know about or discover.

To block attackers’ attempts to probe for unpatched devices, you need an effective intrusion prevention system.

Develop signatures to look for the CVEs noted, at your boundaries and internal segments.

Employee training:

A key layer in enterprise defense.

Buying and installing IoT devices presents security risks to your organization; include an IoT section in your annual security awareness training.
