Keeping software up to date with the latest security patches is an important part of IT. Studies have previously shown this to be an area of concern, in that not all security updates are upgraded consistently across the network. In general, Windows security patches are more regularly and consistently updated, but they remain a headache for IT.

Graham Cluley of Sophos notes just how frustrating it is to install all the latest Windows security updates:

“It may sound straightforward, but installing the latest Microsoft patches is easier said than done, particularly if you have a regular stream of visitors connecting to your network.”

“Whether it is an employee’s desktop PC or a customer’s laptop, an unpatched machine represents a possible avenue for a cyber-attack.”

Patches must be rolled out to all machines, which poses a difficulty if not all machines are currently on the network, or if they are misconfigured.

The latest security patch was released on September 11 to address known vulnerabilities in Windows, MSN Messenger (both ‘critical’) and Unix services for Windows. You can find more information here.

Graham Cluley continues:

“All organisations should rollout these patches as a matter of urgency, as some of them could enable hackers to access data on a vulnerable PC or run malicious code,” said a statement from Sophos.

There is a continued risk if unpatched computers are brought onto the office network. It is difficult to police the security practices of guests, customers and business partners, so some form of Network Access Control should be implemented.

Via Secure Computing Magazine ; hat tip to flying hamster Tags: , , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati