Tech »  Topic »  Risk & Repeat: Vulnerability patching still falling short

Risk & Repeat: Vulnerability patching still falling short


Many organizations still fail to patch critical vulnerabilities, even when they're under exploitation in the wild. What are the best ways to improve patching rates?

This week's Risk & Repeat podcast discusses the current state of vulnerability patching and why many organizations still don't apply security updates in a timely manner.

Despite the number of attacks on both older, known vulnerabilities and critical zero-day flaws recently, research shows that many organizations fail to patch their systems. For example, more than a week after Microsoft revealed exploitation of four zero days in Microsoft Exchange Server, RiskIQ found more than 82,000 vulnerable servers that were still exposed to attacks. Meanwhile, the U.S. government recently warned nation-state attackers are exploiting unpatched vulnerabilities in VPNs, some of which were first disclosed and patched in 2018.

Why are some organizations slow to address critical bugs? Should vendors be doing more ...


Copyright of this story solely belongs to searchsecurity.techtarget.com . To see the full text click HERE