Large Group of Sys Admins Lag Behind in Patching Server OSes
A few days ago, CNET News.com reported on a study that indicates that a large percentage of system administrators are slow to patch their operating systems, often waiting until they hear about an exploit to which one of their servers is certainly vulnerable.
The article discusses a study by Eric Rescorla, who identified 900 Linux servers running both OpenSSL and Apache at the time a major OpenSSL vulnerability was disclosed.
According to the article, 40 percent of the systems were patched to close the OpenSSL vulnerability within seven weeks. Another 30 percent were patched around the time the Slapper exploit was publicized and began spreading across the Internet.
The remaining 30 percent apparently remained unpatched. One of those servers was in the same colocation facility where CTDATA's servers are. On or around November 11, that server was exploited by Slapper. The subsequent network traffic was so great that it temporarily overwhelmed the routers in the facility. The only solution was for the colocation operator to take the server offline.
This CNET article is a revealing one and should be read by customers and system administrators alike. It clearly indicates that administrators need to patch more pre-emptively, and that customers must insist that even vulnerabilities with no known exploit be patched as soon as patches are released.