Eskenzi PR

Press Releases

View All Press Releases
Imperva 09 Jun 2010

Imperva CTO says Patch Tuesday only resolves disclosed vulnerabilities

London, 7th June 2010 - Microsoft announced today it is planning 10 patches next week, with one of them addressing a vulnerability in Sharepoint. However, waiting for patch cycles to mitigate vulnerabilities will not protect enterprises.

 

Since April 12, Microsoft SharePoint users have been vulnerable to a web-based attack through their help.aspx page. The problem was made public on April 29, after which Microsoft has been working to produce a patch, due for next Tuesday June 8.

 

“Many organizations have SharePoint servers accessible from the Internet, for partners and customers to access that may be unprotected. Having to wait almost two months for patching a vulnerability related to a very common attack vector (Cross Site Scripting) is just too long,” said Amichai Shulman, CTO, Imperva. “We are repeatedly reminded by such incidents that regardless of the amount of resources poured into SDLC applications still go out of the factory door with vulnerabilities in them. Some of them pop up as a side note on a patch and some as 0days.”

 

Shulman continues “We all rely on vendor patch cycles to keep us and our businesses secure, however as one vulnerability is patched, sooner or later another one will appear. Businesses need to ensure they are secure from all vulnerabilities whether notified or not.”

 

“The criminals do not need to wait for a vulnerability to be notified before they exploit it, so businesses with a public facing portal need to take a holistic approach to security and look at how they can protect their business at all times, especially between patch cycles, whether this is via a web application firewall (WAF) to mitigate vulnerabilities or other security tools. For those relying on Microsoft’s patch cycles the only mitigation possible in the short term is ‘virtual patching’ via a WAF,” Shulman adds.

 

For more on Microsofts Patch Tuesday -  http://bit.ly/bc85JV

For more information on Imperva – http://bit.ly/aKrtxj

 

ENDS

 

For further information or to speak toAmichai, please contact Darshna Kamani on 020 7183 2834 or email Darshna@eskenzipr.com

 

Social Bookmarking
Bookmark and Share
facebook Join us on facebook
linkedin Join us on linkedin
twitter Join us on twitter
YouTube Join us on YouTube
Our Clients
Testimonials
Sean Glynn - Credant Technologies: “Eskenzi PR is in the top 1% of the dozens of PR firms I've worked with over the years both in professionalism and idea generation. The end-point and mobile security market is a very competitive one and when it came to choosing an IT security PR agency that really had the knowledge, contacts and experience, there really was no other choice than Eskenzi PR.”