Unpatched Apps Pose Dangerous Risks

I found this in the Register today. And I completely agree. If your IT Team seems more worried about getting the latest Microsoft Patch applied than they are about upgrading Adobe Acrobat, they are making a huge mistake.

There are many applications that users typically install on their systems and then neglect to update them. And many of them pose the risk of PC hijacking and remote control.

From the Reg:

Mozilla’s Firefox 1.0.7 has taken top spot in a list of vulnerable applications likely to be lurking in corporate IT systems released by Bit9.

Firefox 1.0.7 is number one on its list, with vulnerabilities including “memory corruptions, buffer overflows, and running of arbitrary HTML and Javascript code that in many cases allow the execution of arbitrary code”.

Apple’s iTunes 6.0.2 and Quicktime 7.0.3 come second, with Skype Internet Phone 1.4 third, Acrobat Reader 7.02/6.03 fourth, and Sun’s Java Run-Time Environment 5.0 rounding out the top five.

Security hounds may be surprised that Microsoft doesn’t make an appearance till number nine, with Microsoft Windows/MSN messenger 5.0.

On a personal note, I always try to keep all of my helper applications like Adobe Acrobat and Skype up to date and completely patched. But I recently got a horrible browser hijacker installed on my system despite have great AV and antispyware running on the system.

The culprit? Although I had installed the newer version of Java Runtime, I didnt uninstall or delete all of the old code. A website called on this old code and it took me hours to get the malware off of my system since it respawns from 3 hidden locations.