October 26, 2016

Why Do We Need Patch Management?

(LiveHacking.Com) – Patch management is a key function for anyone who works in IT and is responsible for the network. There are various reasons why patch management is so important; if neglected, it can lead to service disruptions or give cyber criminals access to the network, where they can steal data or cause serious damage.

Computers work by running software that performs different operations. Operating systems, for example, are a list of instructions which the computer runs one after the other in order to do a task that the vendor intended.

From time to time, vendors will see the need to update their products to improve performance or to address some security issue, and patch management is the process that makes changes to a program as per the vendor’s specifications.

Why Would a Vendor want to update their software?

GFI LanGuard shows missing updates

The primary reason is that the software contains errors. Errors in coding or more specifically in the logic flow of a program can lead to a malicious attacker exploiting the logic to make the program perform in a way that the vendor never intended it to. This could either cause a service disruption or, even worse, allow an attacker to manipulate the program so that it runs the code the attacker wants and, in so doing, give him or her control over the system.

Programs are quite complex and based on millions of lines of such instructions. It is fair to say that every piece of software contains errors which cause some type of side effect. In many cases, these errors go unnoticed; however, if an error causes a major problem, then the vendor is in a race against time to correct it. The longer it takes to correct the errors, the greater the window of opportunity for malicious people to exploit the error and target those who are using the software.

What are the risks if a system is unpatched?

Systems that are not regularly patched can experience a number of issues, including:

  • Intrusions – Malicious attackers can gain access to your system and:
    • Turn it into a botnet – your computer is taken over and used to launch attacks on other computers or used to send spam
    • Steal Information and/or install mechanisms to spy on all that happens on that computer and other PCs on your network in the future
    • Create/Install a Backdoor or Rootkit – The attacker might install software allowing him easy access to the computer even if the issue is subsequently patched
    • Hacktivism – The attacker might gain access to your web server in order to change it to display political/activism messages
    • Beachhead – the attacker might use this machine to run further attacks on your network to gain access to more critical/valuable systems
  • Denial of Service – The attacker might use the coding error to crash your system
  • Stability – Coding errors are a problem not only when someone tries to exploit them; bad code can also cause a system to fail on its own if not fixed.
  • Performance – Sometimes a vendor may issue a patch to boost the program’s performance and provide additional value to the customer.

Vendors do not issue patches unless they are essential for their customers. Creating a patch involves a lot of work for a vendor in terms of development and testing. A robust patch management policy and system can help administrators promptly install patches when a vendor issues them and thereby ensure that systems are up-to-date and error-free.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on patch management.

Disclaimer: All product and company names herein may be trademarks of their respective owners.


Microsoft Fixed Serious Spoofing Vulnerability in the Secure Sockets Layer (SSL)

Microsoft has updated its operating systems to fix a potentially serious spoofing vulnerability in the secure sockets layer (SSL) protocol. TLS and SSL encrypt the segments of network connections at the Application Layer to ensure secure end-to-end transit at the Transport Layer.

Microsoft Released Security Patch for SSL

On Tuesday, August 10, 2010, Microsoft released MS10-049 to fix the bug in Windows Server 2008, Windows 7 and 12 other versions of Windows that are still under support. The patch updates a part of the operating system known as Secure Channel (SChannel), which is responsible for implementing SSL/TLS (transport layer security).

According to TheRegister, Microsoft’s update follows the revision in January of RFC 5246, the request-for-comments document that previously mapped out the technical specifications for the protocol. The new controlling blueprint for SSL/TLS communications is RFC 5746. Since then, other packages, including OpenSSL, RedHat Linux and Oracle’s Java, have also been patched.

Microsoft rated the severity of the vulnerability as “important,” the second-highest classification on its four-tier scale. The bulletin correctly said the SSL vulnerability could be exploited only in concert with another attack – such as ARP spoofing or DNS cache poisoning – that allowed someone to perform a man-in-the-middle attack.

Source: [TheRegister]