Tom Olzak

Security Tip: Patching must include ALL applications

In Cybercrime, Hacking, Patching on October 6, 2009 at 07:14

Once again, patching isn’t just about plugging holes in Windows.  Most if not all applications have security vulnerabilities if someone looks hard enough.  Up until now, however, finding those vulnerabilities was harder than just whacking the OS.  But Microsoft has settled into a patch release routine that, when followed, pretty well hardens servers and user workstations.  And although there are still vulnerabilities, the level of effort required to find and exploit them has become harder—more difficult than shifting focus to widely installed user applications.

Adobe is experiencing attacker-love now.  They are a good target because their reader is everywhere. 

Adobe’s software has increasingly come under attack in recent years as hackers have come to realize that it can be easier to find flaws in popular software that runs on top of Windows than to dig up new vulnerabilities in the operating system itself.

That’s led to a round of new attacks that exploit bugs in products such as Adobe’s Reader, Apple’s QuickTime, and the Mozilla Firefox browser, for example.

It’s a reality that Adobe Chief Technology Officer Kevin Lynch freely acknowledged Monday in a press conference at the company’s annual Adobe MAX developer conference, held in Los Angeles.

Source:  After attacks, Adobe patches now come faster, Robert McMillan, Computerworld, 6 October 2009

But Adobe isn’t the only end user application on your endpoints.  It’s critical to get ahead of the attack curve by developing an overall patch process today, BEFORE that new user productivity tool becomes a target.

%d bloggers like this: