Updates and Patches

(OBJ .)

Patch management can be

• Manual

  • Rare for fully manual patch management these days

• Automated

  • More reliable and most often used

• Hackers can reverse engineer patches to find the underlying vulnerability

Hotfix

• A software patch that solves a security issue and should be applied immediately after being tested in a lab environment

Update

• Provides a system with additional functionality, but it doesn’t usually provide any patching of security related issues
• Often introduce new vulnerabilities

Service Pack

• Includes all the hotfixes and updates since the release of the operating system

Effective Patch Management involves

• Assigning a dedicated team to track vendor security patches
• Establishing automated system-wide patching for OS and applications
• Including cloud resources in patch management
• Categorizing patches as urgent, important, or non-critical for prioritization
• Create a test environment to verify critical patches before production deployment
• Maintaining comprehensive patching logs for program evaluation and monitoring
• Establishing a process for evaluating, testing, and deploying firmware updates
• Developing a technical process for deploying approved urgent patches to production
• Periodically assessing non-critical patches for combined rollout