Cato Networks developed a workaround for a zero-day vulnerability recently found in Microsoft Office. Customers of Cato Networks are immune to the vulnerability.

Cato Networks provides a Secure Access Service Edge service (SASE). The service has two components. First, it connects customers’ applications and employees to a Software-Defined Wide Area Network (SD-WAN). Second, Cato Networks secures network traffic with various security solutions, including anti-malware and an intrusion prevention system (IPS).

Security solutions need maintenance. New vulnerabilities are rarely recognized by existing technology. If a researcher or organization publishes a zero-day vulnerability, security vendors adapt their systems to recognize the vulnerability. As a result, the system can remind customers to patch vulnerable software, among other things.

Some vendors go the extra mile. Cato Networks implemented a workaround for a zero-day vulnerability recently found in Microsoft Office. This means that Cato Networks customers are immune to the vulnerability. For them, patching is optional. Cato Networks’ systems make it impossible to abuse the vulnerability.

How does the workaround work?

Not all zero-day vulnerabilities can be solved with workarounds. Sometimes, a patch is necessary. In this case, Cato Networks was able to accurately determine the steps that cybercriminals need to take to abuse the vulnerability. Cato’s security systems were then modified to block each step.

The zero-day in Microsoft Office can only be exploited with a payload. If a cybercriminal succeeds in moving the payload onto a victim’s device, the payload must be activated via a signal. This signal is sent over the network. Cato Network adapted its anti-malware system to recognize the payload, making it impossible for network users to download the payload. The organisation then tinkered with its Intrusion Prevention System (IPS), which now intercepts the payload’s activation signal.

The importance of third-party security

Cato Networks customers were protected within hours of the vulnerability’s announcement. In this case, Microsoft immediately published a patch. Sometimes, that can take months. Various major software developers spent weeks developing a patch for the notorious vulnerability in Log4j. In those circumstances, security vendors are essential.