Rezilion announced the availability of MI-X, a newly created open-source tool developed by Rezilion’s vulnerability research team that made its debut this week at Black Hat Arsenal. Available as a download from the GitHub repository, it is a CLI tool that can help researchers and developers know if their containers and hosts are impacted by a specific vulnerability, thus allowing organizations to target remediation plans more effectively.
“Cybersecurity vendors, software providers and CISA are issuing daily vulnerability disclosures alerting the industry to the fact that all software is built with mistakes that must be addressed, often immediately. With this influx of information, the launch of MI-X offers users a repository of information to validate exploitability of specific vulnerabilities creating more focus and efficiency around patching efforts,” said Yotam Perkal, Director, Vulnerability Research at Rezilion. “As an active participant in the vulnerability research community, this is an impactful milestone for developers and researchers to collaborate and build together.”
Current Vulnerability Tools Don’t Factor In Exploitability
Each day, organizations grapple with a litany of critical and zero-day vulnerabilities and scramble to understand if they are affected by that vulnerability before a threat actor figures it out first. Many times, their existing tools cannot help them make this determination. That’s because in order to do so, organizations need to:
- First, identify the vulnerability in their environment
- Ascertain whether that vulnerability is actually exploitable in order to have a mitigation/remediation plan in place.
What organizations need is a tool that can answer the two questions above. Current vulnerability scanners take too long to scan, don’t factor exploitability, and based on the nature of a specific vulnerability often miss it altogether – as was the case with the recently discovered Log4j vulnerability. The lack of tools gives threat actors a lot of time to exploit a flaw and do major damage.
MI-X helps you to understand if you are actually affected by a specific vulnerability
Using MI-X, organizations can identify and establish the exploitability of 20+ high-profile CVEs within their environment, including hosts and containers. The tool can easily be updated to include coverage for new critical and zero-day vulnerabilities.