This article I read was about the Nevada Department of Corrections. They were audited a couple weeks backs and auditors found that they were not updating their system’s security. It was found that over 211 desktop systems there had not had system upgrades in months and one prison indicated that the equipment there had not been upgraded since 2010.
This is a fairly long time, though it seems that a majority of companies have not been updating their systems, leaving vulnerabilities open for hackers to exploit. The state put in standards for virus protection on their computers and some boxes didn’t even meet this standard.
The auditors say that the department needs more controls to make sure that things such as sensitive information stored in photocopiers are erased. Luckily since this audit, they have been working on correcting the problems in their systems.
After the recent Microsoft Internet explorer zero day announcement there comes an Adobe bulletin about a zero day in flash.
Although that bug is entirely in Microsoft’s code, the exploits currently seen “in the wild” rely on a Flash file to get things going. In the IE attacks flash is used by attackers to create the circumstances needed to make their exploit succeed. This newly announced flash exploit is unrelated. APSB14-13 is a bug in Flash itself that apparently allows remote code execution. That means that you could be infected just by viewing a Flash file in your browser. Adobe is not really saying what is wrong, but there has been a patch released. Adobe rates this patch Priority 1, Critical. So you may as well patch just as soon as you can.