• McMaster
  • McMaster A-Z Index
• Academics
  • Undergraduate Studies/Programs
  • Graduate Studies/Programs
  • Part-Time Studies & Continuing Education
  • Departments & Faculties
• Alumni
  • About the Alumni Association
  • Alumni Events
  • Services & Benefits
  • Programs for Alumni
  • Alumni Networking
  • Keep in Touch
  • Homecoming
  • Alumni Weekend
  • Students & Young Alumni
  • Giving to McMaster
• Discover McMaster
  • About the Campus
  • Fast Facts
  • Governance
  • History of McMaster
  • How to Get to McMaster
  • Policies, Procedures & Guidelines
  • President's Message
  • Provost & Vice-President (Academic)
  • Strategic Plan
  • Teaching and Learning at McMaster
• Future Students
  • Undergraduate
  • Graduate Studies
  • MBA Program
  • Continuing Education
  • Parents
  • Student Services
  • Virtual Tour
• Library
  • About the Libraries
  • Contact Us
  • Course Reserves
  • Library Catalogue
  • Library Services
  • My Account / Book Renewal
• Research
  • Canada Research Chairs
  • Endowed & Industrial Chairs
  • Ethics in Human Research
  • McMaster Innovation Park
  • Office of International Affairs
  • Partnership Opportunities
  • Research Centres & Institutes
  • Research Policies & Procedures
  • Science in the City
• Current Students
  • Student Affairs
  • Student Resources
    • Chaplaincy
    • Human Rights & Equity
    • Information Technology
    • Office of Academic Integrity
    • Ombuds
    • Parking & Transit
    • Registrar
    • Safety & Security
    • Student Financial Aid & Scholarships
    • Student Accounts
  • Student Government
    • Graduate Students
    • Part-time Students
    • McMaster Students Union
  • Campus Life
    • Clubs
    • Events

University Technology Services

• IT Security
• Risk management
• Security Initiatives
• Service Catalogue
• Policies
• Standards
  • Server Security
  • External Facing Server Security
  • Computer / Laptop
  • Smart Devices & Tablets
  • PCI C-VT Setup
  • PCI HPP Setup
• Best Practices
  • Factors Affecting Best Practices
  • Information Classification
  • System Security
  • Application Security
  • Access Control
  • Server Physical Security
  • Disposal
  • External Resources
• Safe Practices
  • Passwords
  • Anti-virus
  • Phishing
  • Internet use
  • Personal Firewall
  • Free software
  • Encryption
  • Software Updates
  • Physical Security
  • External Resources
• Security Incidents
  • Example of Security Incidents
  • Reporting
  • PCI - Incident Reporting
• Alerts & Notices
• Disaster Recovery / Business Continuity
• E-commerce (PCI)
• Copyright & P2P
• Administrative Data Access Control
• Photo Identification
  • FAQ
• UTS Home

The Threat

Software is imperfect; very often, operating systems and other applications are released for use with flaws.  These flaws are known as Common Vulnerabilities and Exposures, or CVE for short.  CVE can affect the can be exploited, putting the confidentiality, integrity and/or availability of a system at risk.

The Target

Every system and all software are at some time susceptible to exploitation due to the vulnerabilities and exposures in the code.

The Control

The Mitre Corporation maintains a database of common vulnerabilities and exposures (CVE).  This database is updated as new vulnerabilities and exposures are discovered in existing software.  In response, software manufacturers often release “patches” to repair their software.  Systems without the patches installed are vulnerable to the threat defined within the CVE document.

In the past, maintaining currency of software on servers and systems was a cumbersome task.  Updates and patches had to be tested extensively to ensure that they would not negatively affect another part of the system or application, as was often the case.  Today, the architecture of modern operating systems and the rigour applied to testing patches before they are released have all but eliminated the risk of interference when an update is installed.  There are still occasions that a patch may interfere with other applications, although these are rare.

Be Safe

• Configure operating systems to automatically install critical updates
• Configure important applications to automatically install critical updates
• System administrators should regularly monitor CVE for those that affect their systems

Resources

Microsoft Windows:
http://windows.microsoft.com/en-US/windows/help/windows-update

Red Hat Linux:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html

Apple:
http://support.apple.com/kb/HT1338