The plain truth about security updates is that enterprises will always have a lag time between when patches are released and when they’re deployed.

Even so, too many organizations are taking too long to test and schedule, and they’re paying the price.

As reported earlier, a new ransomware attack called Wanna Decryptor (WannaCry) struck tens of thousands of systems in more than a dozen countries around the world, including hospitals at the United Kingdom’s National Health Service, KPMG, Spain’s telecommunications company Telefonica, and banks BBVA and Santander.

The ransomware has wormlike properties, as it spreads through network file shares, possibly using the vulnerability in the Windows SMB (Server Message Block) protocol (MS17-010) that Microsoft patched in March.

The flaw is used by the EternalBlue exploit, which was part of the cache of hacking tools allegedly developed by the NSA and dumped by the Shadow Brokers group.
