We have written several articles recently about how critical patches and updates are to your cyber security.
Here is another reason why:
Proof-of-Concept released for critical Microsoft Word RCE bug (bleepingcomputer.com)
Once the threat actors are aware of a vulnerability – whether it is patched or not – they will develop threats around it, specifically aimed at those who cannot be bothered. This article is about a proof of concept attack developed by a researcher – but as Microsoft acknowledges that some users may not be able to apply the patch and offers a work around instead, it seems likely that the threat actors will also be active.
Your take away from this is make sure all your machines get patched – have a look at this monitoring product – and if you have an operational reason for not patching, make sure it is worth the risk!
Clive Catton MSc (Cyber Security) – by-line and other articles