Wednesday's child is full of unpatched security exploits

By Matt Whipp

Posted on 14 Jul 2003 at 15:58

The Internet Risk Impact Summary Report for the second quarter of 2003 reveals that most security attacks are launched on a Wednesday, with increasing variety of methods used to target the same vulnerabilities.

The report, issued by Internet Security Systems, shows the numbers of serious incidents have risen 13.7 per cent over the previous quarter, with Wednesdays averaging 1,809,222.

Experts at ISS put the increase down to hackers finding a wider variety of methods to exploit the same vulnerabilities. Chris Rouland, VP the ISS X-Force team said: 'Historically, the number of vulnerabilities has outpaced threats. [But now] The increase in threats is overwhelming companies that cannot keep up with the demands of patching systems.'

The team predicts that as businesses seek to connect remote workers with high speed links, mobile devices, messaging applications and wireless networks, a whole new set of vulnerabilities will emerge as the deploying the new technologies will take precedence over making them secure.

'The challenge most companies must deal with is discovering and protecting the most critical risks within their organisations. As a long term goal, they need to minimise vulnerabilities, as hackers will try to attack less-protected systems and emerging platforms,' said Rouland.

A range of factors are attributing to the problem of poorly configured security. To begin with, the economic climate means many sysadmins are simply too busy to test security patches on 'dummy' machines, so they can check that installing the patch won't cause systems to malfunction. Furthermore, there are often many different routes to manage security patches: Microsoft's Office requires you to visit a website to check for new patches, while Windows does this automatically.

So while IT departments should be more conscientious about security, platform providers should also make it easier to be so. And Microsoft is well aware of this - it now provides information on each patch as to whether patches require a reboot or can be uninstalled, and is working on a unified patch management system.