Is Patch Tuesday a Necessary Evil?

In the last Patch Tuesday bulletin, Microsoft identified a critical flaw affecting Remote Desktop Protocol (RDP), which is included in most versions of Windows, and it estimates that criminals will exploit the flaw within 30 days. How long will it take you to patch your critical systems, and what is the cost to productivity? Is there a better way?
Update: this vulnerability is already being exploited. Patch now and check out the video for a better method to use next time.

Transcript: [Patch Tuesday from Microsoft. I call it the necessary evil. Nobody’s shouting, “Hooray, another downtime.” OK, some end users might like the extra coffee break. This time, on March 13, Microsoft issued a crucial alert for a new vulnerability in its remote desktop protocol across all of its servers and desktop systems. As a remote desktop protocol that is widely used within enterprises, this is really severe, as attackers will be able to remotely control an affected system. Microsoft anticipates that an exploit for code execution will be developed in the next 30 days. OK, while we record this, in 28 days. Ask yourself how fast and how often you are able to patch your systems. In 2010, for example, there had been a total of 2,100 critical software flaws; that’s 8 for every working day. So Microsoft is good for the system administrator’s job security but not good for the uptime of your systems. You now should take down and patch mission-critical servers and endpoints for a kind of emergency. No surprise that we see so much interest for the product Deep Security and its capacity of vulnerability shielding, also called virtual patching. It protects an unpatched system from being exploited and gives you time and peace of mind to patch when you’re ready for it, at your own pace. And not when it’s tainted by a third party or by an attacker. And that’s extremely important nowadays because uptime is important.]
