Microsoft, Adobe and Android patches galore – but which should you apply first?

Second data breach at OPM confirmedThe popularity of Patch Tuesday seems to be spreading, with more and more companies wanting to get in on the act. This week:

  • Microsoft’s August 11 Security Bulletin addressed 14 vulnerabilities, including four remote code execution vulnerabilities that have been rated ‘critical’.
  • Adobe released a massive Flash update, addressing the latest 30 vulnerabilities found to affect the notoriously buggy Flash Player on Windows, iOS, and Linux.
  • Several cellphone manufacturers have issued patches to address the Stagefright vulnerability, which is estimated to affect 950 million devices. Samsung and Google have also announced that they’ll issue monthly patches from now on to address any new security flaws.

If any of these issues apply to you, you should apply the patches immediately, or risk the inevitable financial and reputational damage caused by a successful cyber attack or data breach incident.

Patch management is a major problem for many organizations.

Verizon’s 2015 Data Breach Investigations Report found that over 90% of attacks exploited known vulnerabilities for which patches were already available: “Many existing vulnerabilities remain open, primarily because security patches that have long been available were never implemented. In fact, many of the vulnerabilities are traced to 2007 — a gap of almost eight years.”

According to Trustwave’s 2015 Global Security Report98% of tested web applications were found to be vulnerable.

How do you know which patches to apply?

If your patch management program isn’t up to scratch, one of the best ways of determining which vulnerabilities affect you is to conduct a penetration test.

Vulnerabilities common to off-the-shelf software, CMS platforms, applications, and plugins are being discovered – and exploited – all the time by opportunistic criminal hackers who use automated scans to identify targets.

IT Governance is a CREST-accredited penetration testing service and a PCI QSA (Qualified Security Assessor), and is qualified to conduct vulnerability scans and penetration tests to ensure your compliance with standards including the PCI DSS and ISO 27001.

Making sure you close your security gaps and fix vulnerabilities as soon as they are known is essential to keeping your networks secure and your corporate information safe.

For more free information on penetration testing, click here >>