The Threat
Software is imperfect; operating systems and other applications are very often released with flaws. Publicly known flaws of this kind are catalogued as Common Vulnerabilities and Exposures (CVE), each with its own CVE identifier. A CVE can be exploited by an attacker, putting the confidentiality, integrity and/or availability of a system at risk.
The Target
Every system and every piece of software is at some point susceptible to exploitation because of vulnerabilities and exposures in its code.
The Control
The MITRE Corporation maintains the CVE list, a catalogue of publicly known vulnerabilities and exposures. It is updated as new vulnerabilities and exposures are discovered in existing software. In response, software vendors release "patches" that repair their software. A system without the relevant patch installed remains vulnerable to the weakness described in the CVE entry.
In the past, keeping the software on servers and workstations current was a cumbersome task. Updates and patches had to be tested extensively to ensure that they would not break another part of the system or application, which happened often. Today, the architecture of modern operating systems and the testing vendors apply before releasing patches have greatly reduced the risk that an update interferes with something else. The risk is not gone: a patch can still break another application, although this is rare, so updates to critical systems are still best tried on a representative machine before they are rolled out everywhere.
Be Safe
- Configure operating systems to install critical updates automatically
- Configure important applications to install critical updates automatically
- System administrators should regularly monitor the CVE list for entries that affect the software on their systems, and confirm that the corresponding patches are installed
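As an added example that is not part of the original page, the script below shows the core of the third recommendation: checking a host's software inventory against CVE records and flagging anything that sits inside an affected version range. The CVE records and the inventory are constructed sample data (the CVE identifiers are placeholders, not real entries), the record layout is a simplified form of the "affected" versions structure used by the CVE JSON format, and the function names are assumptions of this example.

```python
"""Match CVE records against a host software inventory.

Added example, not code from the original page. The CVE feed below is
constructed sample data in a simplified form of the CVE JSON "affected"
structure; the CVE identifiers are placeholders, not real entries.
"""
import json
import re

# Constructed sample CVE feed (placeholder IDs, not real CVEs).
SAMPLE_CVE_FEED = json.dumps([
    {"cveId": "CVE-0000-0001", "vendor": "examplecorp", "product": "webserver",
     "versions": [{"version": "2.0.0", "lessThan": "2.4.7"}]},
    {"cveId": "CVE-0000-0002", "vendor": "examplecorp", "product": "webserver",
     "versions": [{"version": "1.0.0", "lessThan": "1.9.3"}]},
    {"cveId": "CVE-0000-0003", "vendor": "otherco", "product": "db",
     "versions": [{"version": "5.1.0", "lessThanOrEqual": "5.1.12"}]},
])

# Constructed host inventory: what is actually installed on the machine.
SAMPLE_INVENTORY = [
    {"vendor": "examplecorp", "product": "webserver", "version": "2.3.1"},
    {"vendor": "otherco", "product": "db", "version": "5.1.12"},
    {"vendor": "otherco", "product": "db", "version": "5.2.0"},
]


def parse_version(version):
    """Split a dotted version string into a tuple of ints ("2.4.7" -> (2, 4, 7)).

    Tuples compare element by element, which is what a version comparison
    needs; plain string comparison would put "2.10" before "2.9".
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def version_affected(version, rng):
    """Return True if `version` falls inside one affected-range entry.

    The entry carries a start `version` plus either `lessThan` (exclusive
    upper bound) or `lessThanOrEqual` (inclusive upper bound). With no
    upper bound only the start version itself is affected.
    """
    v = parse_version(version)
    if v < parse_version(rng["version"]):
        return False
    if "lessThan" in rng:
        return v < parse_version(rng["lessThan"])
    if "lessThanOrEqual" in rng:
        return v <= parse_version(rng["lessThanOrEqual"])
    return v == parse_version(rng["version"])


def find_exposures(feed_json, inventory):
    """Return sorted (cveId, product, installed_version) tuples for every
    inventory item whose vendor/product matches a CVE record and whose
    installed version lies in one of that record's affected ranges."""
    hits = []
    for cve in json.loads(feed_json):
        for item in inventory:
            if (item["vendor"], item["product"]) != (cve["vendor"], cve["product"]):
                continue
            if any(version_affected(item["version"], r) for r in cve["versions"]):
                hits.append((cve["cveId"], item["product"], item["version"]))
    return sorted(hits)


if __name__ == "__main__":
    for cve_id, product, version in find_exposures(SAMPLE_CVE_FEED, SAMPLE_INVENTORY):
        print(f"{cve_id}: {product} {version} is in an affected range; patch needed")
```

Run against the sample data, the script reports the web server at 2.3.1 (inside the 2.0.0 to 2.4.7 range) and the database at 5.1.12 (the inclusive upper bound), while the database at 5.2.0 is clear. In practice the feed would be fetched from the CVE list and the inventory generated by the system's package manager or Windows Update history; the matching logic stays the same.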
Resources
Microsoft Windows:
http://windows.microsoft.com/en-US/windows/help/windows-update