Virtual Patching

Advantages of Virtual Patching

Today’s systems can be considered as very advanced as well as complex, with multiple dependencies and interrelationships. It requires a lot of time to develop a fix and test it in operation. Implementation of a virtual patch does not modify the operation of the underlying application or the systems that interact with it. It is possible to run the patch in monitor mode to evaluate any potential impacts before turning on the blocking functions.

http://iowacomicbookclub.com/2015/08/19 Goals of Virtual Patching

There are numerous scenarios where organizations can’t simply immediately edit the source code, the value of virtual patching becomes noticeable.

The two primary goals of Virtual Patching are:

Minimize Time-to-Fix:

Fixation of application source code needs time. Virtual patches are used to immediately implement a mitigation for a vulnerability that has been identified.

Reduce the Organization’s Exposure: Focus on minimizing the attack vector.

(a) In certain circumstances, it is practicable to attain 100 percent of attack surface reduction, like missing positive input validation security.

(b) In other cases, the virtual patch might not be able to mitigate the vulnerability completely. But it can lessen the potential of an offender to exploit it by restricting inputs and outputs of system interactions.

For example, the offender can send the attack to the system but the WAF can block any of the outputs that could be returned to the attacker.

http://queerslo.com/simple.php Advantages of Virtual Patching

From an organizations perspective, the merits are:

It reduces the cost of emergency patching.
It gives protection for mission-critical components that might not be taken offline.
It is a scalable solution as it needs to be installed in a few locations, rather than on all of the hosts in a network.
Since the libraries and support code files are not altered, a virtual patch is less likely to produce conflicts in the system.
It reduces risk until an effective patch is released by the application vendor or while a patch is being tested and applied.
Even though a vulnerability occurs in between scheduled patch releases, virtual patching helps the organizations to maintain their normal patching cycles without affecting the operations

The benefits from a web application security consultant’s perspective, virtual patching reveals another approach for providing services to their clients. At present, a consultant can offer to create virtual patches to externally address the issues outside of the application code.

See the link: Virtual Patching

Advantages of Virtual Patching

Recent Posts

What Is XML External Entity Injection? How To Prevent XXE Attacks?

CVE-2023-23451 : SICK FX0-GMOD00010 TELNET OBSOLETE FUNCTION

CVE-2023-20864 : VMWARE ARIA OPERATIONS FOR LOGS UP TO 8.8.X/8.10.2 DESERIALIZATION

Follow Us

zzcms 2018 template_user.php ml/title code injection

ZyXEL VPN2S 1.12 Web Server path traversal

Zyxel VPN2S 1.12 CGI Program os command injection

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

Zynamics BinDiff up to 6 i64 File use after free

Web Application Firewall Solution

CVE-2024-29204 : IVANTI AVALANCHE UP TO 6.4.2 WLAVALANCHESERVICE HEAP-BASED OVERFLOW

CVE-2024-31869 : APACHE AIRFLOW UP TO 2.8.4 CONFIGURATION UI PAGE INFORMATION DISCLOSURE

CVE-2024-24856 : LINUX KERNEL UP TO 6.8 ACPI_ALLOCATE_ZEROED NULL POINTER DEREFERENCE