It’s nearly impossible to escape computer-based information in today’s high-tech society. From doctors’ offices to hardware stores, organizations and companies of all sizes record, track and transmit data electronically – making it an integral part of daily business and commerce. But with this increased dependency comes greater risk. Security failures, information exposure and privacy invasion is far greater in today’s electronic-based world. The risk of insecure data not only concerns consumers – who are wary of fraud, identity theft and privacy – but greatly concerns businesses, which can be held liable for information that is unintentionally exposed, despite a firm’s best efforts to protect such data.

Instant access

Unlike paper-based storage, which requires physical access to compromise, today’s electronic files are virtually accessible anywhere in the world. Security vulnerabilities in software applications, electronic files or computer operating systems can be quickly exploited to inflict serious damage: accessing private or secure data; stealing passwords or identities; performing unauthorized financial transactions; examining personal health records; or capturing sensitive network data.

The majority of software vulnerabilities today are found in Microsoft-based products – primarily because they are the most widely used software on the planet. And while Microsoft releases more than just vulnerability fixes on Patch Day – also providing software updates that add new features to existing products – the security patches almost always grab the most attention, because they expose what are dangerous weaknesses in widely used software products.

Patch and go


So what’s all the fuss? Just install the security patches and you’re safe, right? Unfortunately, no. As IT professionals will attest, it can be extremely difficult to test and apply the necessary patches to every vulnerable computer within an enterprise before exploits become public. Compounding the matter, some patches can actually interfere with, or “break” existing software applications, adding to the time it takes to determine which patches can be applied and which need to be tested within a given organization’s network.

Moreover, many still handle patch management manually, physically going to every computer on the network to download and install patches. For enterprises with hundreds or thousands of PCs, including mobile workers and remote offices, manually applying patches has proven to be an impossible task. As a result, network administrators fall behind, and critical patches often aren’t applied as quickly as needed.

No time to lose

Moments after the news of a new patch release, malware-writers start identifying security vulnerabilities and writing code to take advantage of flaws. For example, the patches for the RPC/DCOM flaws were released just 20 days prior to the onslaught of the Blaster worm attack in 2003.