Destruction by the downadup worm was caused by companies not being prepared for an out-of-band patch

News by Dan Raywood

The impact of the downadup worm is down to slack patching and not automating patch management.

Chris Schwartzbauer, vice president of Shavlik Technologies, claimed that the core problem is that organisations believe they are fully patched, but because they have no process for handling an out-of-band patch (one released outside the regular monthly cycle), some companies were simply not prepared when it arrived.

Schwartzbauer said: “The only way to patch securely and prevent vulnerabilities is through automation. Operations staff don't have the time to do anything out of band. The problem is that the executives won't spend the money on the right tools, they think the tools they have are good enough but some tools like WSUS (Microsoft) don't have the fine-grained control to use on critical machines and dynamic machines.


“People didn't deploy the patch as it was out-of-band and people didn't get round to it or have a method to apply it due to not having automated tools, they could be prepared but haven't spent money on it. This exploit is a great example of what can happen if the right automation tools are not being used.”

Further, Schwartzbauer claimed that critical machines pose a particular problem: servers generally run the business's critical operations and are somewhat fragile, so once they are running, IT staff are reluctant, for cost reasons, to take them down for any longer than strictly necessary.

He said: “This approach is disastrous in a time when efficiency is paramount. The problem is complicated by the fact that many servers need to perform a sequence of actions if they choose to patch and reboot. Ideally this would happen in the shortest amount of time possible. Tools like WSUS do not have the ability to do this.”

Also, Schwartzbauer said that the problem with dynamic machines is ‘fundamentally that portables (laptops) are offline when vulnerability scans occur and their agent software is not activated’.

“Additionally, virtual machines have proliferated the number of machines that must be protected; unknown network connections and account privileges persist and unknown applications exist – whether malicious or loaded inadvertently by employees”, said Schwartzbauer.