Light Dark
April 29, 2016 By Patrick Vowles 2 min read
Endpoint
Software Vulnerabilities

Recently, Trend Micro warned of two serious remote code execution vulnerabilities in Apple’s QuickTime for Windows. This was quickly picked up by the U.S. Computer Emergency Readiness Team (US-CERT), which issued its own alert concluding that the only safe course of action is to uninstall.

Apple has been phasing out development and support for QuickTime for Windows since version 7, released almost a decade ago. Although exploits for these vulnerabilities have yet to be seen in the wild, it’s time to get QuickTime off all Windows machines.

There are few remaining dependencies on the product; some Adobe integrations still have dependencies on older codecs that rely on QuickTime, but Adobe is working on a solution.

How to Address Risks

So what about the impact on enterprises where this — and a whole host of other unpatched vulnerabilities — may still be installed?

I asked Dr. Dale Meyerrose, retired major general in the U.S. Air Force and former Associate Director of National Intelligence, about the issue. Now an independent consultant, he had much to say about effective remediation techniques.

“I’m continuously asked by CXOs where they can get the biggest bang for their buck, their biggest immediate reduction in risk, and for me the answer is almost always the same: basic blocking and tackling, [and] well-implemented continuous internal controls, especially those focused on the vulnerable endpoint,” he said.

“Basic housekeeping, though perhaps not the most exciting of topics, is by far one of the largest problems that we really struggle to manage well.”

Finding Fixes for QuickTime for Windows

Unfortunately, home users are pretty much on their own to make and implement these decisions. But for the enterprise, this is where certain mechanisms and products such as IBM BigFix can excel, especially with a vibrant and active community of users that create, share and validate fixlets to automate remediation.

One such fixlet has already been created by an IBM BigFix user and is available for all to use:

 |  |  |  |  | 
Patrick Vowles
Next Generation End Point Security Marketing, IBM

More from Endpoint
November 28, 2023

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature