Living with Zero-day Exploits
A recently discovered 0-day exploits in MS Internet Explorer drives home the fact that we have always known: patching doesn't address all vulnerabilites. Flawed code for handling Vector Markup Language in fully patched systems had been exploited by attackers. A group of volunteer researchers released the first but unofficial patch , Microsoft followed with an official patch about a week after the vulnerability was discovered.
What can we learn from this? First, patch anyway. Correct the flawed code that can be corrected. Second, have alternatives to comprimised applications. There are several other fine browsers besideds IE, use them. You can 't easily switch out Web servers, app servers and enterprise software so choose carefully. Best of breed product selections should include an assessment of known vulnerabilities and the speed with which patches are supplied. Finally, use a defense in depth strategy. No one defense will protect against all threats and threats are constantly evolving.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
