Businesses should brace themselves for a significant Patch Tuesday tomorrow, based on information given by Microsoft in its advance notification bulletins released last week. A total of 16 security bulletins are expected to be released tomorrow, of which nine are rated "critical" and the remaining seven tagged as "important."
It is understood that all the critical bulletins address potential remote code execution (RCE) vulnerabilities, a term for flaws that give attackers the ability to execute arbitrary code on the target machine. Consisting of either shellcode or machine code, a properly crafted remote code execution exploit can allow a hacker to gain control of a software process and, with privilege escalation, even take over the entire server or workstation, leaving no further opportunity to deflect the attack. Obviously, system administrators will want to move fast to fix any known RCE flaws.
Probably even more concerning, though, is that the majority of the bugs span multiple versions of the Windows operating system, ranging from Windows XP Service Pack 3 to the latest Windows 7 in both 32-bit and 64-bit flavors. Other affected products include various versions of Excel from Microsoft Office XP, 2003, 2007, 2010 and even Microsoft Office for Mac. Versions 6, 7, 8 and 9 of Internet Explorer will see multiple patches for critical vulnerabilities, according to InformationWeek, while the .NET framework and the company's popular Visual Studio product are also affected by important vulnerabilities. In a nutshell, no Windows shop can afford to ignore or put off June's Patch Tuesday.
It is highly recommended that administrators test the updates on the machines in their SMBs and apply them as soon as possible. Given the wide remit of this update, the IT department will obviously be in for a busy week, a sentiment that Paul Henry, forensic and security analyst at Lumension, concurs with:
"This will be a long hot summer for IT professionals and there is just no room to slow down."