Author: Zhang Zaifeng, yegenshen, RootKiter, JiaYu
On July 18, in an officially released routine patch update, Oracle fixed CVE-2018-2893, an Oracle WebLogic Server remote code execution vulnerability. Three days later, at 2018-07-21 11:24:31 GMT+8, we noticed that a malicious campaign that we have been tracking for a
Satya Gupta, CTO and Co-founder, Virsec:
“By its nature, patching is reactive and always leaves gaps in coverage. But the reality in practice is much worse. Even well-run organizations can take months to consistently patch servers – and that’s if they know exactly what they have. Once a vulnerability is discovered, hackers are very adept at finding web servers that remain vulnerable. Of course you should patch whenever possible, but it’s easier said than done. We need to move to a model where applications are protected “as is” regardless of their patch level.”
Sharon Vardi, CMO, Prevoty, Inc.:
“Staying on top of patches is extremely challenging. Not only is there an influx in vulnerability disclosures year after year, but patch deployment requires detailed due diligence, including testing and validation. Vulnerabilities are frictionless weapons — meaning the moment they’re disclosed, they can be turned around and exploited against the public in nefarious ways at scale.
“Incidents like the Oracle WebLogic server attack highlight the importance of protecting applications from attacks that leverage known and zero-day vulnerabilities. Vulnerability and patch management inherently require a lot of time and resources. And, organizations can’t keep up with nefarious actors’ turnaround times. Autonomous Application Protection solutions deliver immediate, permanent patches, not only ensuring that the window of exposure never opens, but also buying organizations time to remediate vulnerabilities on their own schedules.”