Catch The Patch Batch

Keep your OS and applications up to date with automated updates and patches and by regularly reviewing the vendors’ product update sections on their websites.

Sometimes it seems that the whole world assumes that the only vendor that suffers from vulnerabilities is Microsoft. To see how misleading claims like this can be, check out the weekly “Consensus Security Vulnerability Alert” published by SANS (see http://portal.sans.org). In recent years, vulnerabilities in applications have become a serious threat (arguably more so than OS vulnerabilities).

Unfortunately, users are far less savvy about patching third-party applications than they are about patching the operating system. However, this vector will also decline in impact as application vendors learn to tighten their quality control and patching methodologies.

Ericka Chickowski goes into some more detail on the vulnerabilities of 5 third-party vendor applications and equipment and the urgent need to patch these applications and devices – namely, Java-enabled devices, Printers, Routers, ERP Software, and Databases; all of which suffer from neglect when it comes to patch management – in her article, “5 Systems You’re Forgetting To Patch”, http://www.darkreading.com/vulnerability-management/167901026/security/news/240005971/5-systems-you-re-forgetting-to-patch.html?cid=nl_DR_daily_2012-08-22_html&elq=f3f56ae21c164ea09473836b2a6c4394. This reading is highly recommended.