Pau Lo
asked on
Non MS patches
Is there a list of common apps/software on both microsoft windows servers (most important) and workstations (possibly less important) that wont be patched by WSUS, and some insight into the threat not patching such apps/software poses to any sensitive data held on these servers, when they are internal only. Plus, any free tools that can be used to determine missing patches for these non ms products. What server products will WSUS patch and what wont it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That was to be my next question, if the admin isnt browsing the net from a server with an upatched version of adobe, or opening email on the server, which has an unpatched version of adobe, how can that unpatched version of adobe be exploted?
I know of tools like "metasploit" but for something like adobe reader how does a tool go about attacking that exploit and what kind of access will/can the exploit give them on the target server, I would have thought somehow the user would need to be tricked into opening a malcious PDF, but I may be wrong. Say someone unauthorised had gained access to our network/domain, how would they target unpatched vulns in these non MS products on target servers to gain access, can you provide some examples/scenarios, or is it fairly unlikely? I.e. unpatched version of adobe on a windows 2003 server that the attacker wants to attack to gain access to the files on that server - whats the likelehood, next to nothing?
I know of tools like "metasploit" but for something like adobe reader how does a tool go about attacking that exploit and what kind of access will/can the exploit give them on the target server, I would have thought somehow the user would need to be tricked into opening a malcious PDF, but I may be wrong. Say someone unauthorised had gained access to our network/domain, how would they target unpatched vulns in these non MS products on target servers to gain access, can you provide some examples/scenarios, or is it fairly unlikely? I.e. unpatched version of adobe on a windows 2003 server that the attacker wants to attack to gain access to the files on that server - whats the likelehood, next to nothing?
ASKER