Exercise: Recommending Remediation Strategies

• CVE-2020-0609 Remote code execution
• CVE-2019-7183 Error handling
• CVE-2019-1483 Windows priv escalation
• CVE-2019-16444 Adobe Acrobat
• CVE-2019-8512 iOS issue
• CVE-2014-3211 Publify software
• CVE-2019-20669 Netgear

Context

The company primarily uses Windows, but there are a few Apple devices as well. Last year the company started paying special attention to access security and put a privileged access management solution in place. In addition, to reduce risks, administrative rights have been removed from end-user devices, and Windows Remote Desktop Gateway (RD Gateway) has been disabled from all company systems through a group managed security policy.

QUESTION:

Assume that each issue takes 15 days to fix, and you only have resources to fix two at a time. Which issues would you place in each of the mitigation strategy buckets for the next 30 days?