alphaspirit - Fotolia

Q
Problem solve Get help with specific problems with your technologies, process and projects.

How should undocumented features in software be addressed?

Kaspersky Lab recently discovered an undocumented feature in Microsoft Word. Expert Kevin Beaver explains the risks and what to do if you come across one of these software flaws.

Kaspersky Lab recently discovered what it called an undocumented feature in Microsoft Word that can be used in a proof-of-concept attack. Are such undocumented features common in enterprise applications? What steps should you take if you come across one?

Undocumented features is a comical IT-related phrase that dates back a few decades. Many software developers, vendors and tech support professionals use the term undocumented features because it is less harsh than the word bug.

Furthermore, it represents sort of a catch-all for all of software's shortcomings. If it's a true flaw, then it's an undocumented feature. If it's a bug, then it's still an undocumented feature. And if it's anything in between -- well, you get the point.

In reality, most if not all of these so-called proof-of-concept attacks are undocumented features that are at the root of what we struggle with in security. We don't know what we don't know, and that creates intangible business risks. The software flaws that we do know about create tangible risks. Either way, this is problematic not only for IT and security teams, but also for software developers and the business as a whole.

With that being said, there's often not a lot that you can do about these software flaws. In many cases, the exposure is just there waiting to be exploited. However, there are often various types of compensating controls that expand from the endpoint to the network perimeter and out to the cloud, such as:

  • proper malware protection that can detect and defend against today's advanced malware;
  • host-based IPS;
  • data loss prevention and cloud access security broker technologies to prevent data from being captured and exfiltrated;
  • network segmentation and perimeter controls, including firewalls and IPS, that can monitor and block anomalous traffic in both directions;
  • proper security monitoring, logging and alerting; and
  • a solid patch management program that not only targets updates to local operating systems, but also to third-party software, such as Microsoft Word, Java and Adobe products.

If just one of these items is missing from your overall security program, that's all that it takes for these undocumented features and their associated exploits to wreak havoc on your network environment.

Ask the expert:
Want to ask Kevin Beaver a question about security? Submit your question now via email. (All questions are anonymous.)

This was last published in January 2018

Dig Deeper on Microsoft Windows security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

How does your organization differentiate between software flaws and undocumented software features?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close