Monday, April 21, 2014

REPORT: Patch Management Requires "Automated Approach" to Avoid Cybercrime

Originally published at CBROnline.com on 15 April 2014
---------------
Research reveals a 128.6% rise in vulnerabilities for Microsoft products in 2013 compared to 2012.
by Amy-jo Crowley
Businesses need an automated approach to patch management, according to Secunia's latest annual vulnerability report which revealed 13,073 vulnerabilities in over two thousand products from 539 vendors.

The security firm, which provides vulnerability intelligence for governments, Deutsche Bundesbank and Commerzbank, found 727 vulnerabilities in Internet browsers including Internet Explorer, Chrome, Opera, Firefox and Safari, and 192 in Microsoft products, representing a 128.6% increase compared to 2012.

The research also revealed 70 vulnerabilities in PDF readers Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.

Kasper Lindgaard, head of research at Secunia, told CBR despite the high number of vulnerabilities, one exploit is all hackers need to impact security.

"No business, large or small, can manually patch all the vulnerable programmes in their infrastructure and keep them patched all the time," he added.

"To patch vulnerabilities in your software you need visibility of your environment to understand where the vulnerability is present and what assets hackers can access through the vulnerability, to determine how critical it is to your business."

He said that the way to protect PCs from hackers exploiting vulnerabilities in software is to apply security patches as soon as they become available.

"With thousands of vulnerabilities discovered each year, it is easy to understand, that a) you need to keep your software programs patched, and that b) you need some form of automated approach to patch management," he said.