As companies accelerate remote work policies for the health and safety of employees and their families, IT organizations are facing challenges like never before by keeping work PCs safe and secure while ensuring hackers don’t exploit unsuspecting or distracted users. In response, Absolute announced today, the company will provide all customers with free access to its comprehensive library of custom workflows that enable a more seamless, effective way to secure and manage devices.
The most recent example is the remote code execution vulnerability or ‘wormable’ CVE-2020-0796 that carries the potential to propagate itself from vulnerable computer to vulnerable computer. While Microsoft moved swiftly to warn Windows 10 users and deliver a security update, the difficulties of patching remote devices that may not be connected to the corporate network, as well the probability of failed updates, present a significant risk of exposure to cyberattacks.
Recent data validates the risk exposure presented by unpatched devices and gaps in security policies or applications. Early findings from our coming 2020 State of Endpoint Resilience Report show that more than half of Windows 10 enterprise devices with versions 1903 and 1909 — those that are susceptible to CVE-2020-0796 — are more than four weeks behind installing patches. This is hugely concerning in light of another recent study that found 60 percent of all breaches are linked to a vulnerability where a patch was available, but not applied.
New Reporting and Reach Scripts
To help our customers keep up in today’s challenging times, we have created new report and reach scripts that enables IT to mitigate this vulnerability by identifying all potentially affected devices and disabling access to targeted servers until the patch is installed. In addition to the workaround for CVE-2020-0796, Absolute customers have access to more than 130 custom workflows that allow them to easily run queries or reports and then take widespread remedial action such as enforcing patch installations, turning on or repairing VPN applications for a secure connection for remote devices, and more, with just a few clicks. Because of Absolute’s unique firmware-embedded position, these actions can be enforced and executed on any device connected to the internet, even if off the corporate network.
In support of IT teams working to ensure business continuity and enable remote employees to reliably and securely connect to corporate systems amid the global outbreak of the novel coronavirus, we are providing access to our comprehensive library of custom workflows and Reach scripts for Visibility and Control tier customers at no cost through August 31, 2020.
The silver lining in our current chaotic and uncertain environment is how people across the globe are stepping in to support each other. We’ve seen time and again how organizations are lending help wherever possible and that’s certainly our goal at Absolute. IT desks everywhere are faced with mounting challenges managing and securing more and more devices from relentless cyber-attackers.
This crisis may pose a lot of questions for IT and Security teams. We are monitoring millions of activated devices across our 12,000 customers, and we are continuing to explore every possible way we can provide help to our customers and partners during this trying time. If you have critical endpoint related issues you’re battling in your business – we welcome your input and ideas. Send them our way.
For now, stay well and be safe.