Solved

Non MS patches

Posted on 2011-03-16
3
341 Views
Last Modified: 2012-05-11
Is there a list of common apps/software on both microsoft windows servers (most important) and workstations (possibly less important) that wont be patched by WSUS, and some insight into the threat not patching such apps/software poses to any sensitive data held on these servers, when they are internal only. Plus, any free tools that can be used to determine missing patches for these non ms products. What server products will WSUS patch and what wont it?
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 3

Author Comment

by:pma111
ID: 35149198
Plus if anyone has a custom risk assessment tool for missing patches, along with a list of risk factors to consider when quantifying just how crucial the missing patch for x software on x server actually poses to the business. I suspect this includes stuff like server location, internal only, in dmz, or data held on server, confidentiality levels etc. If such a risk assessment for CVE vulberabilities exists, that can be used to determine the real risk to the business I would love to see a copy.
0
 
LVL 12

Accepted Solution

by:
antony_kibble<!-8D58D5C365651885FB5A77A120C8C8C6--> earned 125 total points
ID: 35149379
Basically anything that isn't developed by Microsoft will not be patched, natively, by WSUS. However third party applications are able to package up non MS applications and publish them to the WSUS server so that they can be deployed by it as if they were a Microsoft patch.

Anything developed by Microsoft will be patched if it hasn't gone end of life or out of support.

For third party applications
You are looking at

All Adobe products, Reader , shockwave and flash
Quicktime
Java
Firefox
Winzip
iTunes
etc

Threats and risk can really only be done by yourself as you are knowledgeable about your own environment. We don't allow internet browsing from any of our Servers, so when it comes to patching IE cumulative updates servers come lower down the risk register than workstations. Your perimeter will also help in deciding what mitigations you have. Using Firewalls, WebSense etc will all, if updated daily or more often, help block access to and from malware sites or other malicious items.

You also need to look at how prevalent a certain application or vulnerability is within your domain, that will also help decide how critical it is to close, or if the risk is low, can be left until a more suitable time.
0
 
LVL 3

Author Comment

by:pma111
ID: 35149499
That  was to be my next question, if the admin isnt browsing the net from a server with an upatched version of adobe, or opening email on the server, which has an unpatched version of adobe, how can that unpatched version of adobe be exploted?

I know of tools like "metasploit" but for something like adobe reader how does a tool go about attacking that exploit and what kind of access will/can the exploit give them on the target server, I would have thought somehow the user would need to be tricked into opening a malcious PDF, but I may be wrong. Say someone unauthorised had gained access to our network/domain, how would they target unpatched vulns in these non MS products on target servers to gain access, can you provide some examples/scenarios, or is it fairly unlikely? I.e. unpatched version of adobe on a windows 2003 server that the attacker wants to attack to gain access to the files on that server - whats the likelehood, next to nothing?
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Site-To-site VPN Natting inbound traffic? 9 96
AWS Default Security Group Question 3 42
PCI Compliance - mixing SAQs 6 45
Service Specific Account vs 'Administrator' 5 41
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question