Legacy systems | Obsolescence doesn’t go hand in hand with security

02-11-2023 | < 1 min read | Cybersecurity, Legacy system decommissioning

Author: Yannick Thommassier, CISO of TJC Group

You might think that obsolete systems are never affected by new vulnerabilities because they have reached their last available update level, and no security researcher or hacker is going to try to exploit them. However, this is not the case, as recent vulnerabilities discovered in a library can ultimately affect all current and past versions of that library.

Take, for example, the recent vulnerabilities CVE-2023-38545 and CVE-2023-38546 in the cURL library, a computer software project providing a library (libcurl) and a command-line tool (curl) for transferring data using various network protocols.

Therefore, one must rely on the hypothetical backport of corrections to the source code of these earlier versions of the library to ensure security. However, this process can be time-consuming and may lead to incompatibilities. Upgrading a library on an obsolete system is a complex task.

This is why maintaining a legacy system, even one that is up to date with the latest patches released by the publisher, is not secure in the long run. Storing data on these systems over the medium or long term poses a security risk.

As a result, it is highly advisable to consider decommissioning these legacy systems and transferring their data to a modern, robust, and up-to-date archiving service designed for this purpose, ensuring the highest level of data security.
