Threat of the month: Unpatched applications

What is it?
Organizations are routinely compromised through unpatched applications, many of which have had patches available for more than a year.

How does it work?

Attackers tend to use publicly available exploits, which means they only need to worry about delivery mechanisms. While most public exploits have patches available, organizations aren't patching as they should.

Should I be worried?
It is hard to find an organization that isn't affected by patch management failures. Patching should be the highest priority because patches address the root cause of security holes.

How can I prevent it?
Most obviously, enterprises should deploy patches as soon as they become available. Further, they should limit administrator privileges to a small number of people to prevent rogue application installation. Admins should also consider deploying a vulnerability management solution to scan networks for unpatched software.
