Old software, new problems

A major issue in many environments is the presence of outdated software.  A perfect example was just posted by ZombieTango

http://zombietango.com/blog/2012/11/droppin-0day-5-years-too-late/

It’s all too common to find a server running some old product that is used for some minor purpose in the company that is no longer supported by the vendor.  Keeping software up to date is a big step towards preventing attacks.  If the software cannot be updated, it’s a huge liability.

Any problem found in any version of any program is likely to have an exploit already written for it.  That exploit might even have a Metasploit module already (as ZombieTango wrote for his own discovery).

Pay close attention to any outdated software you might have. If it can’t be removed or patched, at least try to isolate the software and server from having any impact.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s