How Level helps admins deal with zero-day vulnerabilities

This year we’ve seen several high-profile zero-day vulnerabilities, the most recent being Follina. The challenge with zero-day vulns with operating systems is that patches for them typically take weeks (sometimes months) to release. In the interim, workarounds are typically recommended to remove the possibility of the threat being acted upon.

There is a challenging process gap when dealing with these workarounds. Good IT admins already have a patch management solution, like Level, in place to handle the mainstream updates via the normal channels. They also have an AV or EDR to handle threats in action. But most admins struggle with the gap between zero-day announcement and implementation of its workaround.

Automating the solution en masse

The good news is that usually workarounds are simple to implement for a single machine. They are often a registry edit (for Windows) or a file change. With a tool like Level, those changes are simple to push out to all devices.

Let’s take a look at Follina’s recommended workaround from Microsoft:

Disabling MSDT URL protocol prevents troubleshooters being launched as links including links throughout the operating system...

Follow these steps to disable:

1. Run Command Prompt as Administrator.
2. To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename“
3. Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.

Let’s turn this into a Level script.

Once the script is created, choose some test devices from the device list and run the script on them. If all looks good, push it to the rest!

This is where the power and simplicity of Level starts to set itself apart from other methods of pushing policies (we’re looking at you Active Directory Group Policy!) It took about 30 seconds for me to create the script and another 10 seconds to send it to thousands of devices! The command and it’s feedback are instantaneous.

We hope you’ll think of Level the next time a zero-day is revealed to the world. While other IT shops are running around with their pants on fire, Level techs will be enjoying their weekend!