Unlike paper-based storage, which requires physical access to compromise, today’s electronic files are virtually accessible anywhere in the world. Security vulnerabilities in software applications, electronic files or computer operating systems can be quickly exploited to inflict serious damage: accessing private or secure data; stealing passwords or identities; performing unauthorized financial transactions; examining personal health records; or capturing sensitive network data.
The majority of software vulnerabilities today are found in Microsoft-based products – primarily because they are the most widely used software on the planet. And while Microsoft releases more than just vulnerability fixes on Patch Day – also providing software updates that add new features to existing products – the security patches almost always grab the most attention, because they expose what are dangerous weaknesses in widely used software products.
Patch and go
So what’s all the fuss? Just install the security patches and you’re safe, right? Unfortunately, no. As IT professionals will attest, it can be extremely difficult to test and apply the necessary patches to every vulnerable computer within an enterprise before exploits become public. Compounding the matter, some patches can actually interfere with, or “break” existing software applications, adding to the time it takes to determine which patches can be applied and which need to be tested within a given organization’s network.
Moreover, many still handle patch management manually, physically going to every computer on the network to download and install patches. For enterprises with hundreds or thousands of PCs, including mobile workers and remote offices, manually applying patches has proven to be an impossible task. As a result, network administrators fall behind, and critical patches often aren’t applied as quickly as needed.
No time to lose
Moments after the news of a new patch release, malware-writers start identifying security vulnerabilities and writing code to take advantage of flaws. For example, the patches for the RPC/DCOM flaws were released just 20 days prior to the onslaught of the Blaster worm attack in 2003.
But even a short 20 days can seem long when compared to today’s zero-day exploits. The disclosure of the Windows Metafile (WMF) flaws in December 2005 immediately led to the discovery of over 80 active exploits. By the time Microsoft released a patch ten days later, enterprises were already at high risk of infection and there was no time to spare in getting the necessary patches in place.
What’s a company to do?