Once the malicious JavaScript is executed, attackers gain control of the admin session with full permissions to remotely control endpoints and install software on devices.
Against this background, Nick Tausek, security specialist at Swimlane, warned: “Exploiting this vulnerability would give attackers access to many managed devices at the same time and allow them to execute malicious code, deploy ransomware or exfiltrate sensitive data.”
The challenge of patching
Despite the urgency of such threats, organizations often find it difficult to quickly patch critical vulnerabilities: Swimlane research found that 68 percent of organizations leave critical vulnerabilities unpatched for more than 24 hours. In addition, 55 percent do not have a comprehensive system for prioritizing vulnerabilities.