Solved

Non MS patches

Posted on 2011-03-16
3
340 Views
Last Modified: 2012-05-11
Is there a list of common apps/software on both microsoft windows servers (most important) and workstations (possibly less important) that wont be patched by WSUS, and some insight into the threat not patching such apps/software poses to any sensitive data held on these servers, when they are internal only. Plus, any free tools that can be used to determine missing patches for these non ms products. What server products will WSUS patch and what wont it?
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 3

Author Comment

by:pma111
ID: 35149198
Plus if anyone has a custom risk assessment tool for missing patches, along with a list of risk factors to consider when quantifying just how crucial the missing patch for x software on x server actually poses to the business. I suspect this includes stuff like server location, internal only, in dmz, or data held on server, confidentiality levels etc. If such a risk assessment for CVE vulberabilities exists, that can be used to determine the real risk to the business I would love to see a copy.
0
 
LVL 12

Accepted Solution

by:
antony_kibble<!-8D58D5C365651885FB5A77A120C8C8C6--> earned 125 total points
ID: 35149379
Basically anything that isn't developed by Microsoft will not be patched, natively, by WSUS. However third party applications are able to package up non MS applications and publish them to the WSUS server so that they can be deployed by it as if they were a Microsoft patch.

Anything developed by Microsoft will be patched if it hasn't gone end of life or out of support.

For third party applications
You are looking at

All Adobe products, Reader , shockwave and flash
Quicktime
Java
Firefox
Winzip
iTunes
etc

Threats and risk can really only be done by yourself as you are knowledgeable about your own environment. We don't allow internet browsing from any of our Servers, so when it comes to patching IE cumulative updates servers come lower down the risk register than workstations. Your perimeter will also help in deciding what mitigations you have. Using Firewalls, WebSense etc will all, if updated daily or more often, help block access to and from malware sites or other malicious items.

You also need to look at how prevalent a certain application or vulnerability is within your domain, that will also help decide how critical it is to close, or if the risk is low, can be left until a more suitable time.
0
 
LVL 3

Author Comment

by:pma111
ID: 35149499
That  was to be my next question, if the admin isnt browsing the net from a server with an upatched version of adobe, or opening email on the server, which has an unpatched version of adobe, how can that unpatched version of adobe be exploted?

I know of tools like "metasploit" but for something like adobe reader how does a tool go about attacking that exploit and what kind of access will/can the exploit give them on the target server, I would have thought somehow the user would need to be tricked into opening a malcious PDF, but I may be wrong. Say someone unauthorised had gained access to our network/domain, how would they target unpatched vulns in these non MS products on target servers to gain access, can you provide some examples/scenarios, or is it fairly unlikely? I.e. unpatched version of adobe on a windows 2003 server that the attacker wants to attack to gain access to the files on that server - whats the likelehood, next to nothing?
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question