An event referred to as spring cleaning, where we take some time from our regular routines to focus on bringing order back to our homes. We remove the junk that has accumulated, and clean and organize the remaining items so they look good again.
The CIS provide a solid basis on which to organize any security program.The two basic controls to start with are inventory and control of hardware and software assets.
Removing any extra systems got added, reducing the number of systems to be secured and the exposure to attack. Discovery tools are critical to finding forgotten and no longer used systems. Support staff attempting to reproduce a customer bug,development team creating test configurations, virtual machines are created, used, and unfortunately, left behind. These systems are often left up and running as these organizations move on with their daily jobs.
Once control gained over your hardware and software assets, you should take a look at reviewing and updating several other aspects of your security program.CIS controls, says re-evaluate your patch management program to ensure you are prioritizing and applying updates to systems at highest risk of exploitation.
There’s always more to consider when cleaning up – active defenses, data backup, disaster recovery, and so forth,least privileged access but if we start with some basic spring cleaning for having secured environment
Microsoft was back on track in April, releasing a much larger number of CVE fixes for their operating systems than in the previous months. Grace period with Microsoft is over because the final security updates for Windows 10 1803 and 1809, which were extended due to the pandemic, as well as Windows Server 1909, occur with the May release.
May 2021 Patch Tuesday forecast
- The final updates for three Windows 10 operating systems are coming this month. Windows 10 cumulative updates, security-only and monthly updates for the actively supported operating systems, and, of course, the Extended Security Updates (ESUs) for Windows 7 and Server 2008/2008 R2.
- Sharepoint Server and Microsoft Office will get its usual set of updates. It has been a while since we’ve seen a SQL server update, so one may be released.
- Google released security update 90.0.4430.93 on April 26 which addressed the zero day for CVE 2021-21224 and several CVEs. There may be an update coming as Google did release another update to the beta channel.
- Mozilla released security updates Firefox 88.0.1, Firefox ESR 78.10.1, and Thunderbird 78.10.1 this week probably no updates this month
