
The Importance of Patching Java and Adobe

Most enterprises focus on assuring that their operating systems are patched regularly. They also work to eliminate the use of unsupported operating systems. However, we are finding that most companies do not perform the same diligence for Adobe® and Java®. This is just as important, as Java especially is now one of the prime targets for malware authors.

We realize that it is often difficult to upgrade or patch Java and Adobe, due to legacy applications that must use older versions. However, we generally find that when companies actually work on performing relevant updates, it is usually because no one looked at this before. Applying temporary efforts will accomplish one of the foundations of a good security program.

How to Update Adobe and Java?

What are some basic steps to updating Adobe and Java?

  1. Determine which servers contain the vulnerabilities. This can be done by most vulnerability scanning tools, and is an add-on service that Secure-24 can provide for servers under its management.
  2. Focus on the “critical” and “high” vulnerabilities.
  3. Determine what application is using Java on the server.
  4. Determine the application owner.
  5. Obtain approval from the owner to update or patch appropriately.
  6. If approval is not obtained, process a security exception. The owner may be able to use this to justify upgrading or replacing the application.
  7. Keep track of the reduction in the number of vulnerabilities over 30 days old as the work progresses.
  8. Share with management.
  9. Repeat monthly.
  10. Review other middleware products used by the company (e.g., Apache) to ensure they are up-to-date.

These steps are very time consuming initially, so companies may consider hiring temporary assistance to reach a steady state.
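As an added illustration of steps 1, 2 and 7 (not part of the original article and not Secure-24 tooling), the following Python script filters a vulnerability-scanner export down to critical and high Java and Adobe findings older than 30 days and counts them per application owner for the monthly report. The CSV column names, hosts and dates are constructed assumptions, not any particular scanner's format.

```python
import csv
import io
from collections import Counter
from datetime import date

# Constructed sample of a scanner export; the column names are assumptions,
# not any particular product's format.
SAMPLE_EXPORT = """host,product,severity,first_seen,owner
app01,Java,critical,2024-01-05,finance
app01,Java,medium,2024-01-05,finance
app02,Adobe Reader,high,2024-02-20,hr
app03,Java,high,2024-02-01,
web01,Apache,critical,2024-01-10,web
app02,Java,low,2023-11-01,hr
"""

TARGET_PRODUCTS = ("java", "adobe")       # step 10 would add e.g. "apache"
TARGET_SEVERITIES = {"critical", "high"}  # step 2
MAX_AGE_DAYS = 30                         # step 7


def aged_findings(export_text, today, products=TARGET_PRODUCTS):
    """Return critical/high findings for the given products older than 30 days."""
    aged = []
    for row in csv.DictReader(io.StringIO(export_text)):
        product = row["product"].strip().lower()
        if not any(p in product for p in products):
            continue
        if row["severity"].strip().lower() not in TARGET_SEVERITIES:
            continue
        age = (today - date.fromisoformat(row["first_seen"].strip())).days
        if age > MAX_AGE_DAYS:
            # Findings with no recorded owner are surfaced, not dropped (step 4).
            row["owner"] = row["owner"].strip() or "UNASSIGNED"
            row["age_days"] = age
            aged.append(row)
    return aged


def monthly_summary(export_text, today, products=TARGET_PRODUCTS):
    """Counts to report to management: total aged findings and per-owner split."""
    aged = aged_findings(export_text, today, products)
    return {"total": len(aged), "by_owner": dict(Counter(r["owner"] for r in aged))}


if __name__ == "__main__":
    print(monthly_summary(SAMPLE_EXPORT, date(2024, 3, 15)))
```

Running the same summary against each month's export gives the trend line for step 7, and the `UNASSIGNED` bucket shows where step 4 is still outstanding.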

If you are interested in discussing this topic further, contact one of our security representatives at [email protected]

John Brady is the CISO at Secure-24.