In a previous post, I wrote about why hackers use old vulnerabilities to compromise networks.
Now there is a data breach study out by Cybertrust that illustrates this point even more. In their 2008 Data Breach study of 500 incidents, they say that more than 70 of breaches caused by vulnerability exploit had patches available for more than 1 year. In total, 90% had patches available for more than 6 months.
A great chart is available.
In another recently article, it stated that only 2% of systems are fully patched and more than 50% of systems have 10 or more vulnerabilities that patches are available for.
Clearly, organizations need to use more than the standard Microsoft SUS / Windows Update Service to keep their systems up to date.
