A few days ago, SkyRecon Systems announced that they’ve found a serious vulnerability in 32-bit and 64-bit versions of Windows Vista that could allow an attacker to take complete control of the affected system. The attacker could use their increased privileges to install programs; view, modify, erase, or remove data; or even create new accounts that possess full administrative rights to the system, applications, and data. This would, of course, not be a good thing.
Microsoft quickly issued a security bulletin and update, MS07-066 (although in truth, a week between a vulnerability being announced and a patch being issued would be a long time for the owner of a compromised system).
SkyRecon is an interesting company. I’m currently in the process of evaluating their StormShield application, which is an endpoint security and data loss prevention solution. So far, it seems to be working well, but then again, I like to test things until I break them, so I’m not quite satisfied yet. The thing that’s cool about StormShield is that it uses many layers of protection to prevent operating systems and applications from being compromised. The protection is more holistic than the typical definition-based antivirus that most vendors offer, so it can protect against known and unknown vulnerabilities. Protecting against unknown vulnerabilities is important because, as shown above, it could take a week for a vendor to respond to an unknown vulnerability.
What does this mean for you? It means that you should be patching your systems (downloading security updates) regularly. Vulnerabilities are discovered and threats evolve on a daily basis. If you don’t keep up with this stuff, you will eventually suffer downtime. Downtime typically means lost revenue plus the expense of cleaning up compromised systems. That’s not a good thing.
Protect your systems proactively with endpoint security software like that offered by SkyRecon, Symantec and eEye Digital Security. You already face enough challenges in running a business. You don’t need to add potentially compromised systems to the list.