Security vulnerabilities are known to appear in operating systems and applications over the course of time. It is the role of the vendors to preserve the integrity of these products by providing patches to resolve any issues that arise. More importantly, it is up to the end-users of these products to ensure that the software and systems that they use are always up-to-date. This provides them with the highest chance to defend against potential threats.
The absence of a structured patch management process is a major issue that many companies around the world are facing. Especially when the majority of individual users in companies do not concern themselves with updating their systems and software, and see it as an inconvenience. Therefore, it is up to IT security departments to ensure that preventive measures are in place.
Impact of Outdated Software & Systems
When a security patch is released, it suggests to attackers that the software or system has a vulnerability that they can exploit. Some of the major examples over the past year are:
- BlueKeep Vulnerability in the Remote Desktop Protocol
- Pulse Secure and Fortinet VPNs
- Windows 10 Security Bug Announced by Microsoft and NSA
- Citrix Application Delivery Controller
- Cisco Data Center Network Manager
- Chrome Zero-day
- Mozilla Firefox
- Exim Email Servers
The repercussions of not patching Pulse Secure VPNs software has recently caused Travelex to fall victim to a ransomware attack, with an asking price of $3 million. This is a prime example of a company that was informed about the vulnerability, but did not set priority to patching it. Additionally, the FBI announced that multiple US government entities have also fallen victim to exploits of their Pulse Secure VPN, allowing attackers to extract user accounts and host configurations, leading them to further access internal networks.
For further details, click the download button below!