Impact of Artificial Intelligence on software patching

Indelible Data offers a range of packages for Cyber Essentials certification.

 

With the influx of people using Artificial Intelligence (AI), such as the revolutionary “ChatGPT”, for a multitude of reasons, it was only a matter of time before criminals started to use it to help develop malicious software, writes Cyber Scheme Team Member Jason McNicholas.

Recently, AI was used to help create an exploit for a Microsoft Outlook vulnerability, with just an hour of work, within two days of the security patch being released. This patch had a CVSS 3.1 score of 9.8 which means it would be seen as a high risk/critical security update.

It is likely that this is only the beginning of AI being used by cyber criminals to exploit systems with known vulnerabilities, and highlights the need for software patching to be prioritised.

IT departments that are of the mind-set that they need only patch their systems monthly to avoid recently discovered vulnerabilities being exploited, must now act to ensure a more regular update regime.

Help protect your organisation using Cyber Essentials.

Cyber Essentials can help identify these vulnerabilities before exploitation by Artificial Intelligence.

The Cyber Essentials Scheme states that software with known Critical/High scoring vulnerabilities must be patched within 14 days.

Here is the LinkedIn post from the security researcher who created this exploit: https://www.linkedin.com/feed/update/urn:li:activity:7042266344339234816/

This is the article created about how the exploit works: https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/