Kaspersky Lab recently discovered what it called an undocumented feature in Microsoft Word that can be used in...
a proof-of-concept attack. Are such undocumented features common in enterprise applications? What steps should you take if you come across one?
Undocumented features is a comical IT-related phrase that dates back a few decades. Many software developers, vendors and tech support professionals use the term undocumented features because it is less harsh than the word bug.
Furthermore, it represents sort of a catch-all for all of software's shortcomings. If it's a true flaw, then it's an undocumented feature. If it's a bug, then it's still an undocumented feature. And if it's anything in between -- well, you get the point.
In reality, most if not all of these so-called proof-of-concept attacks are undocumented features that are at the root of what we struggle with in security. We don't know what we don't know, and that creates intangible business risks. The software flaws that we do know about create tangible risks. Either way, this is problematic not only for IT and security teams, but also for software developers and the business as a whole.
With that being said, there's often not a lot that you can do about these software flaws. In many cases, the exposure is just there waiting to be exploited. However, there are often various types of compensating controls that expand from the endpoint to the network perimeter and out to the cloud, such as:
- proper malware protection that can detect and defend against today's advanced malware;
- host-based IPS;
- data loss prevention and cloud access security broker technologies to prevent data from being captured and exfiltrated;
- network segmentation and perimeter controls, including firewalls and IPS, that can monitor and block anomalous traffic in both directions;
- proper security monitoring, logging and alerting; and
- a solid patch management program that not only targets updates to local operating systems, but also to third-party software, such as Microsoft Word, Java and Adobe products.
If just one of these items is missing from your overall security program, that's all that it takes for these undocumented features and their associated exploits to wreak havoc on your network environment.
Ask the expert:
Want to ask Kevin Beaver a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Microsoft Windows security
Related Q&A from Kevin Beaver
Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver ... Continue Reading
Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can... Continue Reading
Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.