Friday, February 8, 2008
Client software vulnerabilities, watch out
The SANS ISC mentioned that today there are patches available for Adobe Acrobat, Firefox and QuickTime. Next Tuesday there will be a bunch more from Microsoft. So what?Try to find a Windows box that doesn't have one of them installed. That means that during these days almost all Windows boxes will be vullnerable to one or more client side vulnerabilities. Considering that most users don't have the habit of updating other software besides Windows and that most organizations are not considering some of those products in their patching processes, we can see why client side vulnerabilities are the new venue to be used by smart attackers.Take the time to check the software inventory from your workstations and compare it to your patch management capabilities. I bet that the new major worldwide security incident will be based on vulnerabilities from those software.