patch management Archives

Winsage

April 28, 2025

Microsoft makes hot patching a paid feature for Windows Server 2025

Hotpatching in Windows Server 2025 allows system administrators to apply security updates without rebooting, enhancing response times to vulnerabilities. Microsoft will introduce a subscription model for this feature starting July 1, 2024, at an initial rate of [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: Hotpatching emerges as a significant advancement in the realm of Windows Server 2025, allowing system administrators to implement security updates without the need for system reboots. This capability enhances the speed at which organizations can respond to vulnerabilities, aligning with the growing demand for agile IT operations. However, Microsoft has decided to place this feature behind a paywall, introducing a subscription model that will take effect from July 1, 2024, at an initial rate of .50 per core per month. Notably, users operating on Azure will be exempt from this charge, providing a clear incentive for cloud-based deployments. Previously available in Azure Hotpatching is not an entirely new concept; it has been successfully utilized in various environments, including the Linux kernel, VMware products, and the Xen hypervisor. Microsoft has previously offered hot patching capabilities for Windows Server: Azure Edition and version 2022 within the Azure cloud ecosystem. In August 2024, the company unveiled a preview of hot patching for Windows Server 2025 in Azure, followed by an additional preview for deployments managed through the Arc hybrid and multicloud management system in September. This latest preview marks a pivotal moment, as it introduces hot patching for Windows Server 2025 Standard and Datacenter Edition, enabling on-premises applications of this technology for the first time. Microsoft has characterized this feature as a “game changer,” highlighting its potential to redefine patch management for enterprises. Subscription model and patching cycle Under the new subscription model, Microsoft anticipates releasing eight hot patches annually. However, it is important to note that there may be instances where a restart is still required for security purposes. As the transition to the paid version approaches, users currently in the preview phase will be automatically migrated unless they opt out by June 30, 2024. This move has drawn parallels to Microsoft's previous strategies regarding detailed logs, which have sparked concern among security experts. Critics argue that by monetizing essential security features, Microsoft risks compromising the overall security posture for users who may not opt for these additional services. While hotpatching was initially heralded as a cornerstone innovation for Windows Server 2025, its placement behind a paywall raises questions about the balance between enhanced security and cost considerations for organizations. Read also: Windows Server 2025 updates cause problems" max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].50 per core per month, with Azure users exempt from this charge. Hotpatching has been previously available in Azure and is now being introduced for on-premises applications in Windows Server 2025 Standard and Datacenter Edition. Microsoft plans to release eight hot patches annually, although some may still require a restart. Users in the preview phase will be automatically migrated to the paid version unless they opt out by June 30, 2024. Critics express concern that monetizing essential security features may compromise overall security for users who do not subscribe.

Tech Optimizer

March 31, 2025

Traditional EDR can’t keep up with modern cyber threats

By 2025, the global cost of cybercrime is projected to reach .5 trillion annually. Many organizations continue to use outdated Endpoint Detection and Response (EDR) solutions, which are increasingly ineffective against sophisticated cyber threats. EDR was introduced in 2013 but has struggled to keep pace with evolving attack techniques. Traditional EDR is reactive, responding to incidents after they occur, and relies on known Indicators of Compromise (IoCs), which limits its effectiveness. Real-world examples of traditional EDR failures include a misconfigured update to CrowdStrike’s Falcon EDR causing an IT outage, the Akira ransomware exploiting an unsecured webcam, the Medibank breach despite multiple alerts from EDR, and the BlackCat ransomware attack on Henry Schein. These incidents highlight the inadequacy of traditional EDR in preventing modern threats. The next phase of endpoint security is Preemptive Endpoint Protection (PEP), which actively prevents attacks rather than just detecting and responding to them. PEP utilizes proactive strategies like Automated Moving Target Defense (AMTD) and Adaptive Exposure Management (AEM), and research indicates that organizations using proactive security save 30% more on breach costs compared to those relying solely on reactive measures.

Winsage

March 12, 2025

CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild

CISA has identified a critical vulnerability in Microsoft Windows Management Console (MMC), designated as CVE-2025-26633, which allows remote attackers to execute arbitrary code due to improper input sanitization. This vulnerability is included in CISA's Known Exploited Vulnerabilities catalog, and federal agencies must address it by April 2, 2025, as per Binding Operational Directive 22-01. Microsoft has released an out-of-band patch on March 10, 2025, to improve input validation in mmc.exe. Organizations are advised to prioritize patching, restrict MMC access, and monitor for exploitation.

Tech Optimizer

February 7, 2025

What is Managed Endpoint Protection?

Managed Endpoint Protection involves outsourcing endpoint security for devices like laptops, desktops, and servers to specialized providers. These services offer continuous monitoring, automated responses, and compliance checks, utilizing advanced analytics and real-time threat intelligence. Key features include continuous monitoring, automated threat containment, vulnerability management, forensic analysis, compliance tools, and threat hunting. Managed services address various threats such as ransomware, phishing, zero-day exploits, credential theft, insider threats, DDoS attacks, and data exfiltration. Benefits include 24/7 expert coverage, access to specialized threat intelligence, faster incident response, reduced operational complexity, predictable pricing, and improved compliance. Challenges include the rapidly evolving threat landscape, skills shortage, budget constraints, and ensuring real-time visibility. Best practices for implementation involve maintaining asset inventories, defining roles, fine-tuning detection thresholds, conducting regular drills, and integrating with broader security measures. When choosing a provider, factors to consider include technical expertise, service level agreements, integration capabilities, pricing, compliance, and ongoing support. SentinelOne offers an autonomous cybersecurity platform that enhances endpoint security through superior visibility, automated responses, and customizable features.

Tech Optimizer

February 5, 2025

Avast Antivirus Statistics and Facts (2025)

Avast's global revenue for 2024 is projected to reach USD 950 million, with a growth rate of 4% compared to the previous year. The company has over 435 million active users globally, with 60% of its revenue coming from Europe and North America. Avast controls 6.5% of the global antivirus market and ranks among the top five providers in the cybersecurity industry. Its VPN services, using AES-256-bit encryption, saw a 12% increase in subscriptions. Additionally, 80% of Avast's products integrate AI and machine learning, and mobile security products account for 20% of its total revenue. Avast has raised USD 100 million in funding, bringing its valuation to USD 2,865.9 million, and partnerships with major tech companies contribute 10% of its total revenue. The company employs more than 1,800 individuals and has around 9 million weekly active users. Avast prevents nearly 1.5 billion attacks each month and has users in 59 countries. A total of 859 companies utilize Avast for organizational cybersecurity solutions, and the software is available in 45 different languages. Avast offers a 30-day free trial and has a highly accurate antivirus solution, with a 94.2% offline detection rate and a 99.5% online detection rate. Avast is compatible with Windows, macOS, Android, and iOS, and provides a 30-day money-back guarantee. The software features include real-time protection, Wi-Fi Inspector, CyberCapture, and email shield. Paid plans range from INR 4,144.79 (USD 49.99) to INR 6,632.17 (USD 79.99) per year. In Q1 2024, social engineering attacks were identified as the biggest threat, with scams increasing by 61% on mobile and 23% on desktop. Avast's global risk ratio was 31%, with a total of 3.52 billion blocked attacks. The company secured the fourth position in the antivirus market, with 8% paid users and 18% free users. As of July 2024, avast.com had 14.1 million visits, with the United States contributing 20.1% of the traffic. Male users made up 62.93% of visitors, and the highest percentage of users were aged 25 to 34. Organic search generated the highest traffic rate, accounting for 45.9%, while YouTube was the leading source of social media referrals.

Tech Optimizer

February 5, 2025

Avast Antivirus Statistics and Facts (2025)

Avast has a user base exceeding 435 million globally and employs over 1,800 individuals. The company’s projected global revenue for 2024 is USD 950 million, with approximately 60% generated from Europe and North America. Avast commands 6.5% of the global antivirus market and has raised USD 100 million in funding, elevating its valuation to USD 2,865.9 million. The software prevents nearly 1.5 billion attacks each month and operates in 59 countries. It is available in 45 languages and competes with brands like Symantec and McAfee. Avast's antivirus solution has a 94.2% offline detection rate and a 99.5% online detection rate. Paid plans range from INR 4,144.79 (USD 49.99) to INR 6,632.17 (USD 79.99) annually. In Q1 2024, Avast blocked 3.52 billion attacks, with social engineering attacks being the predominant threat. The website avast.com recorded 14.1 million visits in July 2024, with the United States accounting for 20.1% of total traffic. Organic search generated 45.9% of total visits, and YouTube was the leading social media referral source.

Winsage

December 17, 2024

New Microsoft Windows Security Deadline—CISA Says Update Before Jan. 6

CISA has added the Microsoft Windows kernel security vulnerability CVE-2024-35250 to its Known Exploited Vulnerabilities catalog, requiring organizations to address it by January 6, 2025. This vulnerability, characterized as a "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability," allows attackers to escalate privileges from local user to administrator and was patched in June 2024. The attack complexity is rated as low, making it easier to exploit. CISA advises all organizations to prioritize remediation of this vulnerability, which affects all versions from Windows 10 and Windows Server 2008 onward.

Winsage

December 16, 2024

“Reinventing the Wheel: New Computing Concepts Using Windows NT Architecture and PowerShell”

The Windows NT architecture continues to support a significant portion of global IT infrastructure, with millions of installations across Windows Server, Windows 10, and Windows 11. It can be leveraged alongside modern PowerShell techniques to create next-generation computing solutions. A secure and distributed file system can be implemented using Windows NT's Distributed File System (DFS) with encryption capabilities through PowerShell scripts. This allows organizations to create a secure, fault-tolerant file-sharing mechanism. PowerShell scripts can also be used to establish a real-time health monitoring dashboard that aggregates data from event logs, system performance counters, and custom triggers, enabling system administrators to swiftly identify failures and monitor system health. Automating patch management can be achieved through PowerShell by utilizing Windows Update Services (WSUS) to streamline the detection of missing updates, apply patches, and audit systems for compliance. PowerShell can enhance identity and access management (IAM) processes by automating compliance and monitoring permissions, ensuring continuous auditing of user access rights and adherence to corporate policies.

Winsage

December 10, 2024

Critical Windows Zero-Day Alert: No Patch Available Yet for Users

A newly identified zero-day vulnerability in Windows allows attackers to steal NTLM credentials through methods such as opening a malicious file in Windows Explorer. This vulnerability affects multiple versions of Windows, including Windows Server 2022, Windows 11 (up to v24H2), Windows 10, Windows 7, and Server 2008 R2. The exploitation requires minimal user interaction, such as accessing shared folders or USB disks. In response, 0patch is providing a complimentary micropatch to registered users until Microsoft issues an official fix. The vulnerability is part of a larger trend of unresolved issues in Windows, and cybersecurity experts emphasize the need for enterprises to adopt robust security measures beyond automated patch management.

Winsage

December 9, 2024

The Countdown to Windows 10 End of Life: What IT Teams Need to Know

Microsoft will discontinue support for Windows 10 on October 14, 2025. Extended Security Updates (ESUs) will be available for a maximum of three years at approximately per device. Windows 10 is currently the most targeted among older Windows operating systems, facing high-severity vulnerabilities. Organizations should conduct an asset audit, evaluate ESUs, migrate critical systems to the cloud, and establish a decommission plan for legacy systems. Morphisec offers a lightweight security solution for legacy systems, utilizing Automated Moving Target Defense (AMTD) technology to protect against advanced threats without the need for updates or internet connectivity.