Patch Management – Are you Ready for Christmas?

Scott Calonico

patch management graphicDo you think you’re doing enough to manage patches and updates on your client sites?

You do? If so, consider your answers to the following questions:

Are you using Windows Server Update Services? If so, good, it’s a start.

Do you have a solid process for managing WSUS? Are you regularly checking for updates that need authorizing?

Are you checking that user machines are actually getting updated? How long ago did you manually check a few machines for the most recent updates?

What about remote laptops? Do you have procedures in place to make sure machines that rarely get brought into the office are kept protected?

If you’ve answered all of these questions with smug confidence, then you’re doing OK – but just OK. Here are a couple more questions for you:

  • Are you regularly patching third-party software? Vulnerabilities in things like Flash and Adobe Reader have caused some pretty serious damage over recent years.
  • How about plugins? Are you confident that user’s browsing sessions are properly secure?

Are you still feeling confident? If you are, the chances are you’ve implemented a quality patch management system. That’s a good thing – but you are part of a privileged minority that is able to break for Christmas with true peace of mind. A recent survey suggests that many people don’t have things quite as well organised as you do.

Security firm Qualys recently offered a free security test to computer users. They found that almost half of the machines they tested had critical vulnerabilities within their Web browsers.

Patch Browsers and Extensions

The browsers themselves weren’t really the problem. In fact, the statistics were fairly pleasing on this web browser imagescore: 90-percent of Google Chrome installations were up to date, as were 85-percent of installations of Firefox. Internet Explorer didn’t perform quite as well, with just 75-percent of up to date installs, but this still wasn’t a terrible performance.

The problem arises once you get into plugins and browser extensions. 90-percent of up-to-date Chrome installs sounds great, but 40-percent of Chrome users are still vulnerable because of out-of-date plugins. The figures for IE and Firefox are 41-percent and 35-percent respectively. Put together, this means that nearly 40-percent of the users tested are browsing the Web with abandon, unaware that their browser software is essentially unsafe.

Taking Control of Your Patch Management

The lesson to learn here is that even if you confidently read most of the questions at the start of the article, you could still be open to vulnerabilities unless your patching practices stretch right down into browser extensions – things like Shockwave and Quicktime.

The good news is that there are patch management systems out there that treat these patches with as much importance as those for core operating systems. You should treat them with that level of importance too, or risk having the festive season disrupted with an unexpected security breach.