This article is a replay of a recent blog, but it has a great quote. It's part of a pretty busy day on Google News for "patch management".
“Waves of targeted e-mail attacks, often called 'spear phishing,' are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office,” the report states. “This is currently the primary initial infection vector used to compromise computers that have Internet access.”
What floors me is that I wrote software to detect the first Microsoft patch about 12 years ago and people are still not getting patches out. Proper patch management software is very difficult to do correctly, so I know why most vendors such as Microsoft and Symantec do not bother to get it right, but there are other vendors who do it well. Not only us, to be clear. Just go out and buy one that works for you, roll it out and use it. It will take a few hours a month, the cost is reasonable and the problem is solved. Even if these articles are a bit of vendor hype, the risk is real and the solutions are there.