Patch Tuesday made for an awful April for IT managers and security officers.
Microsoft's voluminous and unprecedented April 13 release of eight patches that repaired 21 security holes, along with several other critical warnings from Cisco Systems and Sun Microsystems, made for a record-breaking number of alerts flooding inboxes this month, according to security alert provider Threat Focus Inc.
Co-founder Kevin Nelson said his company identified 177 new security issues during the last 30 days. In turn, the company sent out a record number of alerts, topping the previous high set last September. Nelson would not say how many alerts the company sent out.
"Ultimately what this means is that software continues to be complex, more people are working to find and exploit vulnerabilities and there's more evidence there is money tied to hacking with alliances to spammers," Nelson said. "It's not just about the smart 15-year-old playing games. When you put money on the table, it changes things."
IT administrators, meanwhile, are left trying to sift through the volumes of data to prioritize their patching while praying they don't miss a critical bit of information.
"With the time from a vulnerability being announced to an exploit and a virus getting out shrinking to a period of days, people don't have the luxury of ignoring alerts any more," Nelson said. "There are things they can do at the firewall and on the perimeter to protect themselves, but with Internet-facing machines, if they're vulnerable, it's almost certain they will be attacked."
Microsoft's Patch Tuesday barrage included fixes for problems in Windows, Exchange and SQL Server, along with subsystems like the ASN.1 libraries and RPC-DCOM, which was exploited by the Blaster worm last summer. Cisco, meanwhile, issued seven alerts warning of problems in its routers and firewalls. Add in separate alerts from Sun and several Linux distributions, and administrators were facing not only serious security issues but also information overload.
"This month was crazy," Nelson said. The week of April 11 was especially arduous, with the typical Threat Focus subscriber receiving more than 10 alerts and some enterprise subscribers bombarded with 40 alerts, more than three times the average number of notifications sent in a week.
Ironically, Microsoft's recent decision to release patches on the second Tuesday of every month has helped soften the alert fatigue some IT admins are feeling.
"It allows them to manage their time better," Nelson said. "When Microsoft releases news of a vulnerability, it starts the clock. That's when the bad guys start working on exploit code. For an IT department that is overloaded, this enables them to schedule their time better. They know to clear their calendars around the 13th or 14th of every month."