Another day, another code execution…

By now we know that the recent attacks on Google were generated via a vulnerability in Internet Explorer. While the story brings together two of the most widely used computing tools, let’s not lose sight of what this really is. At its core, this attack is a basic remote code execution – this means there is a bug in IE that enables a hacker to run a malicious piece of code on a piece of software. In this instance, the affected company was Google.

Vulnerabilities that lead to remote code execution are the most interesting from a hacker’s perspective because they give the hacker complete control of the compromised system, enabling a variety of attacks, including denial-of-service, spam messaging or phishing attacks. According to the Frost & Sullivan Vulnerability Tracker for 1H2009, more than 82.5 percent of reported vulnerabilities enable remote code execution.

Client-side attacks, like the Internet Explorer vulnerability, offer hackers the largest target base for enabling remote code execution. In September, we published the Top Cybersecurity Risk Report in conjunction with Qualys and SANS, which indicated client-side attacks like this are the number one risk for organizations today. This type of vulnerability leaves the door open for exploits that result in data loss or worse, thereby damaging brand reputation and leading to financial and legal issues.

The report also found that on average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities. In other words, the highest priority risk is getting less attention than the lower priority risk.

So what to do?

Organizations should most definitely maintain system and application patches to keep these holes from being exploited. However, when immediate patching is not possible, either because of delays in vendor patches being issued or because the patches could cause service quality issues, a good intrusion prevention system (IPS) can help protect your network.

At TippingPoint, our Digital Vaccine® Labs (DVLabs) and Zero Day Initiative (ZDI) researchers uncover hundreds of these client-side vulnerabilities every year. Frost & Sullivan reports that TippingPoint leads all researchers by reporting the highest number of vulnerabilities that enabled code execution. Understanding the dynamics of remote code execution is what gives our team the knowledge to create the most accurate and up-to-date filters for our IPS Platform – and our customers the confidence that their networks are safe.

Again, the real story here is not Google or Microsoft, or even Chinese hackers. The real takeaway from the Google/IE story is the serious risk posed by these client-side vulnerabilities and what organizations can do to protect themselves.

Rohit Dhamankar, Director of DVLabs, TippingPoint