Mitigating a Security Threat with Timely Linux Kernel Patching
Linux kernel patching is the process of applying security patches to the Linux kernel to address known vulnerabilities that could harm the system. Known vulnerabilities are publicly disclosed security flaws, usually found by users or security researchers. Because their details are public, attackers can find and exploit them more easily. It is therefore critical to apply patches as soon as they are released to mitigate these vulnerabilities.
Organizations need patch management practices that apply patches consistently and without delay in order to maintain a secure IT environment. By delaying patches, organizations keep their systems and sensitive data exposed to cyberattack. A 2019 Ponemon Institute survey found that 60% of breaches were the result of known vulnerabilities for which a patch had been released but not applied.
In this blog post, we will look at some well-known security incidents that were the consequence of delayed patching. We will also discuss how live patching enables timely Linux kernel patching without downtime or the need to schedule hard-to-coordinate maintenance windows.
Security Incidents Resulting from Delayed Patching
One of the best-known security breaches linked to delayed patching is the Equifax data breach of March 2017. During that same month, a vulnerability (CVE-2017-5638) was found in Apache Struts, an open-source Java framework used by Equifax. On March 7th, the Apache Software Foundation released a patch to address this vulnerability. Although Equifax’s IT administrators were informed on March 9 to apply the patch to any impacted systems, the responsible employee failed to carry out this task.
As a result, attackers successfully exploited the vulnerability to access the sensitive data of about 150 million customers. Equifax suffered damages of around $700 million from this breach.
Another worst-case example of delayed patching is the Marriott data breach, which began in 2014, before Marriott acquired Starwood Hotels in 2016. Marriott did not discover the breach until 2018. The company had thus been compromised for four long years because of an unpatched vulnerability, which ultimately exposed 383 million customer records.
How Live Patching Can Minimize Delayed Patches
In the conventional Linux kernel patching approach, the system must be rebooted to apply security patches, which causes a period of downtime and interrupts service. This makes it challenging for organizations to apply patches in a timely manner, especially on critical systems that can’t afford downtime for patching. Because downtime negatively affects operations and reputation, many organizations delay patches to keep their Linux servers running.
That is not the case with live Linux kernel patching: the security patches are applied while the kernel is running, and no reboot is required. This saves organizations the costs of downtime, system reboots, and potential service disruptions. Applying patches without rebooting also reduces the risk of system instability that a patching-related reboot can introduce.
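The exposure window the conventional approach leaves open is a host whose newer kernel package is already installed but whose running kernel is still the old one. Below is an added shell check (not code from this post or from TuxCare) that flags that state from the running version and the installed package list; the version strings are constructed samples, and GNU sort is assumed for `-V`. On a live-patched host the effective version reported by the live patching tool, rather than `uname -r`, would be the right first input.

```shell
#!/bin/sh
# Added example, not code from the post or from TuxCare.
# Flags the window the post describes: a newer kernel package is installed,
# but the host is still running the old kernel because it has not rebooted.
# Assumes GNU sort (for -V, natural version ordering).

# highest_version "v1 v2 ...": print the highest version string in the list.
highest_version() {
    printf '%s\n' $1 | sort -V | tail -n 1
}

# kernel_status RUNNING "INSTALLED ...": prints
#   current        - the running kernel is the newest one installed
#   reboot-needed  - a newer kernel is installed but not yet running
kernel_status() {
    running=$1
    installed=$2
    if [ "$(highest_version "$running $installed")" = "$running" ]; then
        echo current
    else
        echo reboot-needed
    fi
}

# Constructed sample data standing in for `uname -r` and the package list
# (e.g. `rpm -q kernel` or `dpkg -l 'linux-image-*'`) on two hosts.
host_a_running="5.14.0-100.el9.x86_64"
host_a_installed="5.14.0-98.el9.x86_64 5.14.0-100.el9.x86_64"
host_b_running="5.14.0-100.el9.x86_64"
host_b_installed="5.14.0-100.el9.x86_64 5.14.0-102.el9.x86_64"

echo "host-a: $(kernel_status "$host_a_running" "$host_a_installed")"   # current
echo "host-b: $(kernel_status "$host_b_running" "$host_b_installed")"   # reboot-needed
```

A host reporting reboot-needed has had its patch downloaded and installed but is still running the vulnerable code, which is exactly the delay the post is concerned with.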
Another reason patching is delayed is the burden of applying patches manually. In the 2019 Ponemon Institute survey, 52% of respondents said that relying on manual processes puts their organization at a disadvantage when responding to vulnerabilities. IT staff tend to overlook the risks of delayed patching and miss the patch schedule because of poor patch management.
Patching should instead be done on schedule as part of a regular maintenance routine. Regularly updating the kernel and other software components keeps the system’s security and performance properly maintained.
This is more easily achieved with an automated patching solution, such as live patching.
Live patching tools like KernelCare Enterprise can automatically download and apply patches to the kernel whenever they become available. This streamlines and simplifies the patching procedure, allowing teams to automate regular vulnerability patching effectively. Automated patching also enables quicker responses to emerging threats, ensuring that vulnerabilities are addressed promptly.
KernelCare removes the need to wait for the maintenance windows suggested by the original Linux distribution vendor, allowing companies to minimize the risk that a vulnerability is exploited while they wait for one. Moreover, KernelCare can live patch all popular enterprise distributions, including RHEL, CentOS, AlmaLinux, Oracle Linux, Rocky Linux, Debian, Ubuntu, Raspberry Pi, and more.
For detailed information on how TuxCare’s KernelCare live patching works, refer to this guide.
Timely Linux kernel patching helps organizations stay ahead of potential security threats. Security patches should therefore be applied to the Linux kernel as soon as they are made available. Doing so keeps the kernel up to date with the latest security fixes, bug fixes, and performance improvements. A live patching approach, in particular, offers a revolutionary way to address security vulnerabilities without causing unnecessary downtime.