GFI

Managing and administering software updates remains one of the most challenging and resource-intensive tasks an IT Department undertakes on a daily basis.

While software updates serve many important roles, be it delivering feature improvements or fixing bugs and security vulnerabilities, they bring with them a number of potential challenges for the IT Department in terms of ensuring systems are up-to-date, that new problems are not introduced by patches designed to fix things, and that updates do not create compatibility or instability issues. All this needs to be done while ensuring that updates are pushed to PCs as quickly as possible to prevent vulnerabilities being exploited. The constantly evolving software landscape makes patch management an important consideration for all IT decision makers, regardless of organization size.

Software that is not kept up-to-date with the latest patches and version updates runs the risk of creating weak points in your organization’s security strategy, placing servers and client devices at risk of exploitation by malware and hacking attacks, as well as increasing the risk of reliability-based failure and data loss. The number of vulnerabilities in software commonly found on client PCs grew by 71 percent between 2009 and 2010. This jump is due in large part to problems occurring within third-party applications, rather than to issues directly related to the underlying Windows operating system (OS) or Microsoft-produced application software.

Effective patch management improves reliability and IT efficiency, automating many of the administrative tasks associated with deploying software updates while minimizing the amount of downtime associated with patch deployment, patch auditing and patch roll-back.
Importance of patch management

The process of keeping a PC or a server fully patched is easier today than ever, thanks in part to the moves of several key software vendors to build automated update checking into their applications, as well as the highly developed Microsoft update service, which can download and, in many cases, install updates in the background without requiring user input or a system reboot. Nonetheless, the installation of patches, if left solely to the user, can be overlooked, leading to known vulnerabilities being left unaddressed and ripe for exploitation.

By virtue of being both an application and an OS vendor, Microsoft attracts the most attention when it comes to issuing and installing software updates. However, the majority of known application vulnerabilities continue to come from third parties, while the smallest percentage of threats resides in the OS itself. The impact of third-party software on PC security and reliability is further complicated by the role of browser plug-ins, media player codecs and other bolt-on code that works in conjunction with an existing application or system service.

The vulnerability challenges posed by third-party applications can best be illustrated by looking at the most targeted applications. Using 2010 data from the US National Vulnerability Database, we can see that of the top 10 applications targeted for vulnerabilities, ranked by total number of targeted vulnerabilities, nine were third-party applications: