Businesses need to be aware of the implications if attempting to use third-party patches
LONDON – April 18, 2006 – Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX), the worldwide leader in pre-emptive, enterprise security, today issued a warning to businesses that using third-party patches could violate the licence agreements for software installed on their mission-critical systems.
Zero-day vulnerability disclosures, such as the recent Internet Explorer ’CreateTextRange‘ vulnerability, are a huge concern for enterprises because they remain unpatched for a considerable time, thereby giving attackers a window of opportunity to exploit vulnerable systems. This fear has given rise to the release of so-called ’unofficial security patches‘.
“Enterprises can feel pressured into believing that on the balance of risks, applying an unofficial patch is safer than remaining...