What Software do I need to Patch?

One of the key issues in Enterprise APM is the breadth of infrastructure. Today, few companies run their whole business on browsers, servers, and the web. In most, there are new applications, legacy applications, packaged applications, and composite ones built on top of several others. There are browsers, terminals, and rich clients. Keeping all this software up to date can be a challenge.

Every day, software companies create new versions of their software. These new versions often introduce new security holes that hackers can exploit. These are called zero-day security issues, because hackers have a short window of time to exploit them before vendors can patch their software and make it available.

You need administrative software that scans computers on your network, both servers and desktops, looking for known security issues. In order to do that, the software must tap into an inventory of vulnerabilities.

You might be surprised to find security issues where you have not looked before. PHP software version 5.2 is no longer supported. That fact alone should drive you to upgrade it to the current version, especially as this software has access to the file system when running as root.

You might be using WordPress for your company blog. Earlier versions of WordPress have been known to exposure security issues. The current version is 3.7.1. Backup your system and upgrade when you can.

Krebs on Security said on December 13 that Adobe Flash and Shockwave have some security issues. One bug, discovered by security researcher Attila Suszter, lures the user into opening a Flash file (.swf) with Microsoft Word, where it can exploit a security issue there,

Microsoft too has pushed out 11 security updates this week according to Krebs. One affects Microsoft 2013 cloud services, specifically the SkyDrive. The weakness lets a hacker hijack a session key to gain access to documents there. (This week the New York Times said Microsoft is moving to encrypt documents on the SkyDrive in the wake of the Edward Snowden revelations.)

Your company probably already has some kind of software to update PCs on the LAN. Does it also scan virtualized Windows and Linux servers?

One such software is GFI Languard. Running it today on my PC it says there is a critical security update with my installed version of Wireshark and VLC Media Player. (You might wonder why a blogger has installed software that can be used to spy on network traffic: Wireshark. Answer: I write on security as well.)

Know that Microsoft Windows is not the only place where you need to keep your software patched. Packaged software and programming languages also can subject your computers to hacking, if you don’t keep it up-to-date.

Application performance and security are two sides of the same coin. An investment in updating your software benefits both.