Thursday, November 6, 2008

Vulnerability Management with MS08-067

It’s already 2 weeks since Microsoft released patch for MS08-067. The company I am working for has already patched 88% windows servers in the first week, and till now, 98% servers were patched.

This time frame is well compliant with company security policy, and here I have some experience to share after this urgent patching period.

First of all, for a vulnerability management program, assets management is the most important. Asset inventory should be centralized and well maintained, the scope can be identified in first step, then all assigned owners and custodians will be notified immediately. This will speed up patch progress, especially for DMZ servers which are facing threats from internet.

Secondly, a well established patch process is needed, which should be effective in such urgent situation. Usually ops team has to submit change request to get change windows to perform patching task, but for urgent patch issue, there should be special process to gain support from upper management, pushing jobs done quickly.

Thirdly, security team should be armed with some tools, to identify vulnerability, check patch status, or exploit vulnerability for demonstration purpose. Except the commercial software our company bought, here I recommend the free Metasploit Framework that everyone can download freely. Metasploit is an open platform to do penetration test and vulnerability research. The project team was updating ms08-067 scanner and exploit in daily snapshot, we could finish the cycle of identification, assessment, checking and monitor in ms08-067 patch management easily.

No comments:

Post a Comment