Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Report: Watch for Security Blind Spots if Your Focus is Patching Microsoft Vulnerabilities

Microsoft’s Patch Tuesday is a monthly news event. But new research from Secunia shows that focusing on patching Microsoft vulnerabilities can create a dangerous security blind spot.

Microsoft’s Patch Tuesday is a monthly news event. But new research from Secunia shows that focusing on patching Microsoft vulnerabilities can create a dangerous security blind spot.

Secunia Vulnerability ReportAccording to a new report from Secunia, third-party programs – as opposed to software from Microsoft – are almost exclusively responsible for the growth in vulnerabilities. In its Yearly Report for 2011, Secunia found that 78 percent of the vulnerabilities uncovered last year were in third-party programs. Just 12 percent of the vulnerabilities were found in Windows, and the remaining 10 percent were in Microsoft programs.

For organizations, this means that having the perception Microsoft products represent the primary attack vector is dangerous.

“Patching raises many challenges, however, the first challenge is always to identify all the assets (systems and software) that may need patching,” said Thomas Kristensen, chief security officer of Secunia. “We often find that this is the biggest obstacle to efficient patching.”

Complexity is another enemy of patching, the firm contends.

“To fully patch a typical end-point, the user (or administrator of the system) has to master at least 12 different update mechanisms, as the Top-50 software portfolio comprises programs from 12 different vendors,” the vendor claimed in its report. “With one update mechanism, namely “Microsoft Update”, the operating system and the 28 Microsoft programs can be patched to remediate 22% of the vulnerabilities. In addition to this, another 11 update mechanisms are needed to patch the remaining 22 third-party programs to remediate 78% of the vulnerabilities.”

The good news is that 72 percent of vulnerabilities had patches available on the day of disclosure.

“When applying patches there may be a number of concerns, centralized systems such as database servers which often are business critical, is always more of a concern than a typical office application,” he said. “One needs to define a policy with regards to prioritizing different systems as well as a testing policy to ensure that no patches are applied to live systems before having undergone testing.”

The full report can be found here.

Advertisement. Scroll to continue reading.

Related: 3rd Party Applications Responsible for 69% of Vulnerabilities on Most Endpoints

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.