I had to write about patches today – yesterday was Microsoft Patch Tuesday and we got a range of patches for their software. Some of these were for critical vulnerabilities, with one of them actually being exploited in the wild.
Microsoft October 2021 Patch Tuesday (sans.edu)
Other software vendors also seem to have a “Patch Tuesday”.
Computer code today is extremely complex, and although responsible companies carry out as much testing as possible before release, there will always be issues – even the mighty Apple slips up.
Add to that the fact that, once the code is released, malicious actors will be testing, probing and dismantling it looking for weaknesses. With these two factors working against you, your software and any information you have in that software or on your device is at risk, so it would be reckless not to apply any patches or updates issued by the software vendor as soon as they become available.
I think this is one of the simplest but effective steps you can take for your cybersecurity.
Patch, patch, patch ASAP – but have a back-up just in case the software vendor messes up the patch. Microsoft Windows has the option to wind back patches – I can even wind back my Windows 11 upgrade to Windows 10.
Here are a couple of posts that talk about the gap between when the bad actors discover your software’s weakness and when the software vendor discovers the issue and then sends you the patch – the zero-day attack.
Octagon Technology have a solution for businesses who want to ensure their cybersecurity defences are not compromised by staff skipping the essential patches. They also have back-up solutions that exceed the recommendations of the National Cyber Security Centre.
Clive Catton MSc (Cyber Security) – by-line and other articles