Article by Matthew Lossano
When the integrity of your system and network is at stake, a critical software update is the last task that should be placed on the back burner.
According to an article posted on Dark Reading over the summer, "Six out of every 10 users of Adobe Reader are running unpatched versions of the program, leaving them vulnerable to a variety of malware attacks..."
All software updates, although seemingly trivial, can offer protection against a variety of vulnerabilities. Most of us will readily update our anti-virus software; we all understand that it can prevent a virus from taking control of our computer or deleting our data.
Although antivirus (AV) software actively scans incoming files and emails, it is closer to a last line of defense; it is there when your computer has already been the target of an exploitation.
It is really the everyday applications such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office that are prime candidates for exploitation by hackers if left unpatched.
Unbeknownst to many of us, there is software that can scan your computer and network and check for these unpatched systems. The software can report back exactly which software updates are missing, and another tool can then be used to actually exploit those vulnerabilities.
Depending on the severity of the security hole, an attacker could take complete control of your computer. An attacker could literally connect remotely and disable the physical keyboard and mouse, leaving you to watch them do as they wish.
Granted, you could unplug the Ethernet cable or power off the computer, but it is still terrifying to think about if you have confidential or proprietary data on your system.
Reportedly, the RSA hack that occurred earlier this year used Microsoft Excel to execute a VBA script to exploit an Adobe Flash vulnerability. The Excel script put a backdoor on the computer that allowed the attacker full access to the machine, as well as the networks the user had access to.
While operating system updates are annoying, since you have to install them and restart your system in the middle of the day, they are critical at times. Patching your email, instant messenger, web browser, etc., should be a top priority.
In fact, any software that is used around sensitive information should be regularly updated. Most, if not all, software that runs on your operating system will regularly check for updates.
However, make sure that any hardware peripheral devices that have software applications on them, such as a secure USB/HDD drive, also automatically check for their own software updates.