Lumension® Endpoint Management and Security Suite:
Patch and Remediation

Mitigating IT Risk from Third Party Application Vulnerabilities

As the use of non-Microsoft, third party applications and software has increased in the workplace, so has the risk to organizations' IT environments. Most organizations today take at least twice as long to patch third-party application vulnerabilities as they do to patch operating system vulnerabilities. Cybercriminals have taken notice of this and are leveraging vulnerabilities in third party applications as new attack vectors ways into organizational networks.

New malware continues to be created at an exponential rate – at the start of 2015, AV-Test Institute was registering over 390,000 new malicious programs every day.1 Increasingly cyber criminals are focusing their efforts on exploiting existing and known 'critical' vulnerabilities. Even vulnerabilities that have existed for quite some time continue to be exploited by malware – many of these are non-Microsoft third party applications.

Top Vulnerabilities Most Exploited by Malware

Vulnerability

Disclosed

Patched

1. Microsoft Internet Explorer RDS ActiveX

2006

2006

2. Office Web Components Active Script Execution

2002

2002

3. Microsoft Video Streaming (DirectShow) ActiveX Vulnerability

2007

2009

4. Real Player IERPCtl Remote Code Execution

2007

2007

5. Adobe Acrobat and Adobe Reader CollectEmailInfo

2007

2008

6. Adobe Reader GetIcon JavaScript Method Buffer Overflow

2009

2009

7 Adobe Reader util.print() JavaScript Func() Stack Overflow

2008

2008

8. Microsoft Internet Explorer Deleted Object Event Handling

2010

2010

9. Microsoft Access Snapshot Viewer ActiveX Control

2008

2008

10. Adobe Reader media.newPlayer

2009

2009

11. Microsoft Internet Explorer (OE) iepeers.dll

2010

2010

12. BaoFeng StormPlayer Buffer Overflow

2009

2009

13. JVM Buffer Overflow Vulnerabilities

2009

2009

14. Microsoft IE STYLE Object Invalid Pointer Reference

2009

2009

15. Java WebStart Arbitrary Command Line Injection

2010

2010


Patching and configuration management are central components of a depth-in-defense approach that minimizes the risk of cybercriminals exploiting vulnerabilities for financial gain. By leveraging patch and configuration management solutions, organizations can mitigate the majority of their IT risk. But not every patch management solution is equal.

There are "free" stand-alone patch tools and native software updaters available, but these point technologies require more administrative burden – and they only mitigate a subset of vulnerabilities. The breadth of patch content supported by varies widely across patching products. Compare the coverages and ensure that you can support all of your application and operating system vulnerability management requirements.

By implementing a patch management solution that automates policy baselines across OS and 3rd party applications, IT can more effectively reduce risk across the entire organization. Ideally the patch management solution is offered as part of a comprehensive endpoint management and security suite that can integrate with other capabilities such as application control/ whitelisting and anti-virus, through an integrated approach to patch and overall endpoint management. IT can deliver a more effective endpoint security strategy while also improving operational efficiencies.

Shifting to Defense-in-Depth

shifting to defense-in-depth
 

Ready for Your Free Trial?

Get Started Today

In just a matter of minutes you can start your evaluation Lumension® Patch and Remediation. Automatically identify and patch vulnerabilities quickly across heterogeneous operating systems, applications and endpoint configurations.

 

Source:
  1. AV-Test.org malware statistics (Jan-2015)