What happened with LastPass?
The recent news about the LastPass hack is a stark reminder of the importance of patch management. LastPass, a popular password management tool used by millions of people around the world, recently suffered a hack that exposed the email addresses and encrypted master passwords of its users. The hack occurred because one of LastPass’ engineers failed to update Plex on their personal computer, leaving unpatched a known vulnerability that had been identified in the software several months prior.
According to reports, the LastPass hack was made possible by exploiting a nearly three-year-old (!), now-patched flaw in Plex, which allowed the attacker to execute arbitrary Python code on the engineer’s computer. The specific vulnerability in question is CVE-2020-5741, a deserialization flaw impacting Plex Media Server on Windows. It has a CVSS score of 7.2 and could be exploited by a remote, authenticated attacker to execute arbitrary code in the context of the current operating system user.
This incident underscores the critical importance of reducing the Mean Time to Remediate (MTTR) when it comes to patching vulnerabilities. MTTR is the average amount of time it takes for an organization to fix a vulnerability once it has been identified. In the case of the LastPass hack, the vulnerability had been identified and patched three years prior, but the engineer failed to update their personal computer with the patch, which left the organization vulnerable to attack.
By reducing MTTR and implementing effective patch management practices, organizations can minimize the window of opportunity for attackers to exploit known vulnerabilities, thus reducing the risk of data breaches and other cyber attacks.
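An added example, not from the original article or from Action1: computing MTTR from per-host findings shows how an average taken over remediated findings alone can look healthy while one never-patched machine, like the engineer's personal computer described above, stays exposed. The host names, vulnerability IDs, dates and SLA thresholds are constructed assumptions.

```python
from datetime import date
from statistics import mean

# Assumed remediation deadlines in days per severity (not from the article).
SLA_DAYS = {"critical": 7, "high": 30}

# Constructed findings: (host, vuln id, severity, date identified, date patched or None).
FINDINGS = [
    ("laptop-01",  "VULN-A", "high",     date(2023, 1, 2), date(2023, 1, 9)),
    ("laptop-02",  "VULN-A", "high",     date(2023, 1, 2), date(2023, 1, 16)),
    ("server-01",  "VULN-B", "critical", date(2023, 2, 1), date(2023, 2, 4)),
    ("server-02",  "VULN-B", "critical", date(2023, 2, 1), date(2023, 2, 11)),
    ("home-pc-01", "VULN-C", "high",     date(2022, 3, 1), None),  # never patched
]

def age_days(finding, today):
    """Days from identification to the fix, or to `today` if still unpatched."""
    _, _, _, identified, patched = finding
    return ((patched or today) - identified).days

def mttr_closed(findings, today):
    """MTTR as usually reported: average over remediated findings only."""
    closed = [age_days(f, today) for f in findings if f[4] is not None]
    return mean(closed) if closed else None

def mttr_including_open(findings, today):
    """Lower bound on true MTTR: open findings count with their age so far."""
    return mean(age_days(f, today) for f in findings) if findings else None

def sla_breaches(findings, today, sla=SLA_DAYS):
    """Findings past their deadline, fixed late or still open, oldest first."""
    late = [(f[0], f[1], age_days(f, today), f[4] is None)
            for f in findings if age_days(f, today) > sla[f[2]]]
    return sorted(late, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    today = date(2023, 3, 1)  # fixed so the output is reproducible
    print("MTTR (closed only):   ", mttr_closed(FINDINGS, today))
    print("MTTR (including open):", mttr_including_open(FINDINGS, today))
    for host, vuln, days, still_open in sla_breaches(FINDINGS, today):
        print(f"{host} {vuln}: {days} days, {'OPEN' if still_open else 'fixed late'}")
```

Reporting the open-finding ages alongside the closed-only average keeps a single long-unpatched host from disappearing behind a good-looking MTTR.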
Why is patch management so important?
This incident highlights the critical importance of patch management. When vulnerabilities are identified in software, it is essential that organizations act quickly to patch those vulnerabilities. Failure to do so can leave them vulnerable to attack, as was the case with LastPass.
Here are some key reasons why patch management is so important:
- It prevents known vulnerabilities from being exploited. When software vulnerabilities are identified, attackers often move quickly to exploit those vulnerabilities before they can be patched. By implementing effective patch management practices, organizations can minimize the window of opportunity for attackers to exploit known vulnerabilities.
- It reduces the risk of data breaches. Many data breaches are the result of unpatched vulnerabilities in software and systems. By regularly patching vulnerabilities, organizations can reduce the risk of data breaches and protect their sensitive data from falling into the wrong hands.
- It helps to maintain compliance. Many industries are subject to regulatory requirements that mandate regular software updates and security patches. By implementing effective patch management practices, organizations can ensure that they remain in compliance with these regulations.
Steps to take to reduce the risk of cyber attacks
So, what can organizations do to improve their patch management practices and reduce their risk of cyber attacks? Here are some key steps to consider:
- Stay informed about software vulnerabilities: Organizations should stay up-to-date with the latest software vulnerabilities and security patches by subscribing to security newsletters and monitoring security blogs and forums.
- Develop a patch management plan: Organizations should develop a comprehensive patch management plan that outlines the process for identifying, testing, and deploying patches.
- Prioritize critical patches: Not all patches are created equal. Organizations should prioritize critical patches that address high-risk vulnerabilities and deploy them as quickly as possible.
- Test patches before deployment: Organizations should test patches in a controlled environment to ensure they do not cause compatibility issues or unintended consequences.
- Monitor and verify patch deployments: After deploying patches, organizations should monitor and verify their deployment status to ensure that they have been installed successfully on all relevant systems.
How Action1 can help
Effective patch management is more important than ever with cyber threats constantly evolving. By using Action1’s patch management platform, organizations can stay one step ahead of attackers and protect their sensitive data from falling into the wrong hands.
Action1 offers a comprehensive risk-based patch management platform to help organizations automate the entire patch management process. With Action1, organizations can:
- Receive real-time alerts about critical patches and vulnerabilities
- Deploy patches to multiple endpoints simultaneously
- Test patches in a controlled environment before deployment
- Monitor patch deployment status and verify successful installation