Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Security

The Sum of All Fears: From Vulnerability to Exploit, the Importance of Patch Management

onlinetech
onlinetech
3 Min Read

Why is patch management so important? If your servers aren’t updated and managed properly, your data and applications are left vulnerable to hackers, identity thieves and other malicious attacks against your systems.

Why is patch management so important? If your servers aren’t updated and managed properly, your data and applications are left vulnerable to hackers, identity thieves and other malicious attacks against your systems.

And when it comes to sensitive data and national industry compliance standards, such as HIPAA and PCI DSS compliance, your company can’t afford to suffer a data breach or theft, as the fines and estimated financial loss per data breach record continues to rise each year.

More Read

managed cloud hosting
Delivering Security And Operational Efficiency In Multi-Cloud Environments
Wave of Cloud Security Concerns After Another Celebrity Leak
I Haven’t Trusted My Toaster for 15 Years
Secure Lava Lamps, and Why True Internet Security Is Hard to Come by
Grab your Popcorn…Things are about to get really weird

The above video was a concept exploit of the recent vulnerability MS11-83.  The theory behind MS11-83 is that you can send specially crafted UDP packets to a target machine and gain access to it, whether the port is closed or not.

By comparison, the much talked about Stuxnet variant “Duqu” uses a Win32k TrueType font parsing engine vulnerability to inject itself into target machines.  Unlike MS11-83, Duqu is a real-world example of the exploit that has the ability to cause considerable damage and spread itself by embedding itself into Microsoft Word documents sent as email attachments or even USB keys.

In each of these cases these vulnerabilities are known, and fixes have been released (though in Duqu’s case, there is only a temporary patch), and have been disseminated down to WSUS servers and individual computers worldwide.  While MS11-083 has been patched within a week, Duqu was detected in the middle of October, with Microsoft releasing an advisory three weeks later.  This exemplifies the importance of immediate patch management.  One can little afford to not keep their public facing servers up-to-date with the latest patches.

Security is a paramount concern of clients, but so is the stability of your IT operations. Clients often mix and match patching levels to balance these two concerns. At Online Tech, we offer three different levels of patch management, notify clients of outstanding updates waiting to be applied, and offer any assistance with patch installation to ensure comprehensive security measures are implemented accurately and timely.

References:

Microsoft Security Bulletin MS11-083 – Critical
Microsoft Security Advisory: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privileges
JFY: ms11-083
Duqu Exploits Same Windows Font Engine Patched Last Month, Microsoft Confirms

Share This Article

Follow us on Facebook

Latest News

AI role in medical industry
The Role Of AI In Transforming Medical Manufacturing
Artificial Intelligence Exclusive
b2b sales
Unseen Barriers: Identifying Bottlenecks In B2B Sales
Business Rules Exclusive Infographic
data intelligence in healthcare
How Data Is Powering Real-Time Intelligence in Health Systems
Big Data Exclusive
intersection of data
The Intersection of Data and Empathy in Modern Support Careers
Big Data Exclusive

Stay Connected

You Might also Like