ABSTRACT

Patch management is an essential aspect of security that few organizations get right, and the consequences can be devastating in terms of a data breach. At the time of this writing, a Java flaw has been found that allows an attacker to exploit the Java Runtime Environment (JRE), a platform present on nearly every system, and execute commands on the system by bypassing Java's security sandbox. It is interesting to note that five weeks after the exploit had been released, my team was performing a penetration test at a client's location that was to be certified for PCI-DSS, and this flaw was found on all of its production servers and most of its desktops. Figure 13.1 shows an article at Ars Technica about the Java exploit.