Threat of the week – Friday 13th September 2013

Come on guys! Get patching your Java and Flash

In our Threat Of The Week of the 8th February we advised that Adobe Flash needed some serious patching to be secured.

It appears that many people have not heeded the warning from just about every security and software vendor under the sun to patch Adobe and also Java on all business machines.

A report from Websense – who do see a lot of traffic under their bridge, advises that only 19 percent of enterprise Windows based machines run the latest version of Java and almost 40 percent of java requests are from out-dated, leaky like a leaky thing, unsupportable as safe as a chocolate fireguard (ok we get the message) Java version 6.

Java add-ons appear to be the key attack vector and they are used to compromise and exploit business machines in order to target corporate secrets or data. If someone wants to get your stuff, they will try and guide your people, with their unpatched Java runtimes, to a compromised site so they can drop the tools of doom and destruction on your unsuspecting, happy and ignorant machines.

To put some context around this, more than 80 percent of Java requests are vulnerable to the following relatively new Java exploits: CVE-2013-2473  and CVE-2013-2463. Have a read, it’s not good, allowing attackers to access your data.

The story is nearly, but not quite as serious with the original badboys of security holes – Adobe Flash and Reader. There are so many vulnerabilities in older versions of these products its not even funny. Please patch them as soon as you can.

ITC use the same network assessment solution we offer to customers on our own network to identify machines with browser and Java runtime issues. Based on Forescout technology it enables machines, which are out of date or out of compliance for one of a myriad of reasons to be identified and if necessary isolated until remediation.

If you would like a demonstration of this technology, or better still would like to test it against your own estate, please contact us on: 020 7517 3900 or email [email protected]