Hackers targeting non-Microsoft vulnerabilities

Stan Beer
Tuesday, 09 May 2006 19:05

Business IT - Security

The Asia Pacific vice president of patch management software vendor, Patchlink, believes that is a growing incidence of hackers targeting non-Microsoft platforms.

According to Neal Gemassmer, Vice President of PatchLink APAC, recent evidence shows that Microsoft is now just one of many targets for hackers.

"With many organisations emphasising Patch Tuesday, while the number of non-Microsoft vulnerabilities grows, enterprises may be lulled into a false sense of security. Out of the one-hundred new vulnerabilities reported by SANS in the first week of April 2006, ninety-six were non-Microsoft software-related vulnerabilities," said Mr Gemasser. "These statistics re-enforce PatchLink's assertion that regardless of the operating system or application in which a new vulnerability arises, customers need to patch across multiple platforms and application layers.
 
"As IT environments become increasingly heterogeneous, hackers are increasingly targeting non-Microsoft, browsers, platforms and applications. The best network security strategy is to ensure that all systems across the network have the most up-to-date patches, software updates and policy changes, regardless of if its a Microsoft product or not.”

Microsoft is planning to issue three critical fixes (2 Security Updates for Windows, 1 Security Update for Exchange), which may require a restart. In order to maintain business continuity and provide ongoing protection across the enterprise, IT administrators need to carefully complete a thorough and accurate inventory of their IT assets and prioritise the patching process. IT administrators need to test the critical patches in their respective environments to ensure there are no disruptions to their environment before deploying them across the entire network.