Healthcare patch priorities: HC3 alerts to SAP, Microsoft, Android vulnerabilities

Signage at the headquarters of SAP AG, Germany's largest software company, is seen Jan. 8, 2013, in Walldorf, Germany. (Photo by Thomas Lohnes/Getty Images)
The Department of Health and Human Services Cybersecurity Coordination Center (HC3) issued a report detailing a range of vulnerabilities disclosed in the last month, which healthcare security leaders should prioritize given their criticality and potential impact on the sector.

Among the vulnerabilities disclosed in April that are of interest to healthcare, HC3 spotlighted key disclosures from Microsoft, Android/Google, and SAP, for which patching is imperative given the risk to the enterprise and evidence of active targeting against the SAP flaws. The bulletin also includes disclosures from Apple, Cisco, Adobe, Oracle, Mozilla, SonicWall, and VMware.

Microsoft issued patches for 145 vulnerabilities in April, 10 ranked critical and 115 marked "important." HC3 made note of two of the most pressing to healthcare: Windows Hyper-V and Windows Network File System. The file system holds two critical remote code execution flaws, but they can only be exploited on systems with the NFS role enabled.

Three critical flaws in Hyper-V could enable remote code execution, and “if a threat actor is able to open a specially crafted file, followed by an application on a Hyper-V guest, then that could cause the Hyper-V host operating system to execute arbitrary code.”

Microsoft also disclosed four wormable flaws last month, which HC3 explained could “have a significant impact if the number of vulnerable machines is high enough.” Entities should employ web application firewalls to help mitigate this type of risk.