PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
September 2003

Enterprises race to apply Blaster patches

In previous worm outbreaks, enterprises had months to test and apply patches. Blaster stole that luxury, giving network and security mangers a scant four weeks to patch the critical Windows DCOM-RPC vulnerability. There's little data to define a trend, but many in the security community say that the window for patching systems against publicly announced exploits is getting dramatically shorter. "It's definitely starting to come down," says Andy Ellis, chief security architect at Akamai, a global Web content distribution service. "If you want to write a virus today, all you have to do is take existing code, drop in your exploit, and make architectural tweaks." Worms are usually preceded by ample warning, which gives enterprises more than enough time to patch or secure their systems. SQL Slammer appeared last January, eight months after the vulnerability was announced and a patch released. In 2001, Nimda was preceded by a patch, five months of warnings and the Code Red worm, which essentially exploited the same IIS vulnerability. ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue