Recently, Trend Micro warned of two serious remote code execution vulnerabilities in Apple’s QuickTime for Windows. This was quickly picked up by the U.S. Computer Emergency Readiness Team (US-CERT), which issued its own alert concluding that the only safe course of action is to uninstall.

Apple has been phasing out development and support for QuickTime for Windows since version 7, released almost a decade ago. Although exploits for these vulnerabilities have yet to be seen in the wild, it’s time to get QuickTime off all Windows machines.

There are few remaining dependencies on the product; some Adobe integrations still have dependencies on older codecs that rely on QuickTime, but Adobe is working on a solution.

How to Address Risks

So what about the impact on enterprises where this product, along with a whole host of other software carrying unpatched vulnerabilities, may still be installed?

I asked Dr. Dale Meyerrose, retired major general in the U.S. Air Force and former Associate Director of National Intelligence, about the issue. Now an independent consultant, he had much to say about effective remediation techniques.

“I’m continuously asked by CXOs where they can get the biggest bang for their buck, their biggest immediate reduction in risk, and for me the answer is almost always the same: basic blocking and tackling, [and] well-implemented continuous internal controls, especially those focused on the vulnerable endpoint,” he said.

“Basic housekeeping, though perhaps not the most exciting of topics, is by far one of the largest problems that we really struggle to manage well.”

Finding Fixes for QuickTime for Windows

Unfortunately, home users are pretty much on their own to make and implement these decisions. But for the enterprise, this is where certain mechanisms and products such as IBM BigFix can excel, especially with a vibrant and active community of users that create, share and validate fixlets to automate remediation.

One such fixlet has already been created by an IBM BigFix user and is available for all to use:
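The fixlet itself is not reproduced here. As an added illustration of the same remediation step for shops without BigFix (example code, not the fixlet and not from Apple or IBM), the PowerShell below inventories Apple QuickTime on a Windows host by scanning the standard Uninstall registry hives and, only when run with -Remove, uninstalls any MSI-based entry silently; the DisplayName and Publisher match patterns are assumptions.

```powershell
# Added example: report, and optionally remove, Apple QuickTime for Windows.
# Without -Remove the script only reports, so it can be used for fleet inventory first.
param(
    [switch]$Remove
)

# Both native and WOW6432Node hives are checked; QuickTime is a 32-bit product.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$found = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        # Match pattern is an assumption; tighten it to your inventory data.
        if ($p.DisplayName -like 'QuickTime*' -and $p.Publisher -like 'Apple*') {
            [pscustomobject]@{
                Name            = $p.DisplayName
                Version         = $p.DisplayVersion
                ProductCode     = $_.PSChildName
                UninstallString = $p.UninstallString
            }
        }
    }
}

if (-not $found) {
    Write-Output "$env:COMPUTERNAME: QuickTime for Windows not installed"
    return
}

$found | Format-Table -AutoSize

if ($Remove) {
    foreach ($app in $found) {
        # MSI installs are keyed by their product GUID; remove them silently with
        # msiexec and record the exit code so the result can be rolled into a report.
        if ($app.ProductCode -match '^\{[0-9A-F-]{36}\}$') {
            $args = "/x $($app.ProductCode) /qn /norestart"
            $proc = Start-Process msiexec.exe -ArgumentList $args -Wait -PassThru
            Write-Output "$($app.Name) $($app.Version): msiexec exit code $($proc.ExitCode)"
        } else {
            Write-Warning "$($app.Name) is not MSI-based; review its UninstallString: $($app.UninstallString)"
        }
    }
}
```

Run it in report-only mode across the fleet first, then rerun with -Remove from an elevated session once the inventory confirms what will be removed.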
