Regular Patching Beats Cyber Threats, Says Expert

A security expert has warned of the importance of regular patch updates, just after Microsoft issued its Patch Tuesday update for April to fix known security flaws in Windows-related software and applications.

Over the past six months, Norwegian security and forensics malware specialist Norman ASA has discovered and reported several Windows kernel vulnerabilities that potentially could be utilised by attackers to fully compromise a system and leave users open to serious cyber-attacks.

The company said kernel security research is vital because kernel vulnerabilities affecting core operating system components are very hard to detect and defend against.

Don’t Forget Linux

While Windows vulnerabilities receive wide attention, Norman security experts also warned that IT administrators in enterprises, government and small to midsize businesses (SMBs) should focus on patch management involving all major operating systems, including Microsoft Windows, Linux, Mac OS, Sun Solaris and HP.

In addition, rapid, accurate and secure patch management should be used for the popular applications from Microsoft, Adobe and Apple.

The company’s report noted unpatched operating systems and applications often result in expensive losses and damage. “Nearly two-dozen software vulnerabilities are discovered each day, so IT departments need to make patching a top priority,” the company report said.

Patch Tuesday

On Tuesday, Microsoft released 17 security bulletins, including nine rated “Critical” and eight rated “Important.” Fifteen of the bulletins address vulnerabilities that allow attackers to remotely execute code. In total, the bulletins address 64 vulnerabilities spanning Windows, Office, Internet Explorer, Visual Studio, .NET Framework and the Graphics Device Interface (GDI+).

Affected operating systems include Windows XP, Windows XP Professional x64 Edition, Windows Server 2003, Windows Server 2003 x64 Edition, Windows Vista (32-bit and 64-bit), Windows Server 2008 and Windows 7.

There are updates for Internet Explorer 6 through 8. Despite Microsoft’s attempts to sunset IE6, it appears IE6 bugs in Windows XP and Windows Server 2003 have been addressed. The patches cover commonly used Office applications, including Microsoft Excel 2002 through 2010, Microsoft PowerPoint 2002 through 2010, and Microsoft Office 2004 for Mac through 2011.

“IT departments should make patch and remediation a priority,” said Audun Lodemel, vice president of marketing for Norman. “Remember to look into all your OS platform and application vulnerabilities, not just focus on Microsoft issues around Patch Tuesday.”

Nathan Eddy

Nathan Eddy is a contributor to eWeek and TechWeekEurope, covering cloud and BYOD.
