Window of opportunity closing for patching

Lawrence Walsh, Managing Editor, Information Security Magazine

The Blaster worm gave network and security managers a scant four weeks to patch the critical Windows DCOM-RPC vulnerability. While there's little data to define a trend, many in the infosecurity community say the window for patching systems against publicly announced exploits is getting shorter.

"What we're seeing is if you don't already have a defense in place, you won't have any time to react anymore," says Kris Zupan, CEO of e-DMZ Security, a comanaged service provider. "It's no longer 'shame on the sysadmin' for not applying patches that are six or eight months old."

Worms are usually preceded by ample warning, which gives enterprises more than enough time to patch or secure their systems. In contrast, the DCOM vulnerability and patch were announced almost simultaneously in mid-July with the publishing of the exploit code. Blaster appeared Aug. 12, just as enterprises were implementing their patching program.

"A couple of weeks to test patches and put out a deployment plan isn't unreasonable," says Eric Schultze, executive director of product research and development at security tools vendor Shavlik Technologies. "If worms come out faster than that, major corporations are going to have a real problem."

One organization looking at the need for faster patch management is the Internal Revenue Service (IRS), which narrowly averted a major Blaster infection of its massive 125,000 Windows workstation environment.

"This new trend means we're going to have to react faster," says Jim Kennedy, an IRS program manager. "The next time Microsoft releases a patch, we will apply that patch with a greater sense of urgency."

Not all agree the patching window is closing, or that it needs to exist at all. Rather than worrying about patches, some say the answer resides in the basic network architecture, defense-in-depth security strategies and old-fashioned vigilance.

"The final strategy is going to involve patch management at the OS level, more network defenses, network segmentation that will provide protection even when you're unaware of an exploit," says Zupan.

