03 April 2022

Someday, Bureaucrats Will Take Security Seriously...

But today is not that day. CISA orders agencies to patch actively exploited Sophos firewall bug.

While the article is mostly about a few new problems added to the list of things to be updated, there are a couple of older issues. How can it be that there are branches of the Federal Government, in 2022, that are running versions of Microsoft Windows that have not been patched since 2014?

The Cybersecurity & Infrastructure Security Agency (which was named by the Department of Redundancy Department) has ordered all federal agencies to update software to fix a problem that Microsoft fixed in November of 2014. So, not quite eight years out of date. That's something.

The bug in question has to do with Kerberos, a network authentication protocol originally developed at MIT that lets computers prove their identity to one another across a network that is not itself trusted. Windows ships its own implementation of the protocol, and that is the software that needed the update. Which is fine, if you keep the software updated.

There are also a couple of issues dating to 2018. The federal agencies have until April 21st to update.

So why does it take what is in effect a government-wide directive (CISA's Binding Operational Directive 22-01, which is the authority behind these deadlines) to make people update software more frequently than NEVER? (And in the world of computers, seven years is basically never.)
