Why is Patch Tuesday important?
For that answer why Patch Tuesday is important, have a look here:
How Microsoft Patch Tuesday can help your cyber security planning
Patch Tuesday for April 2023
One of the patches in this release is for the zero-day vulnerability CVE-2023-28252, which is a privilege elevation flaw in the Windows Common Log File System (CLFS). It has been spotted being exploited by threat actors deploying Nokoyawa ransomware.
There are 97 other patches included in this months update – seven of which Microsoft has categorised as critical.
Here is Microsoft’s page about the Patch Tuesday patches and updates:
April 2023 Security Updates – Release Notes – Security Update Guide – Microsoft
For something more digestible try this summary by Lawrence Abrams on Bleeping Computer:
Microsoft April 2023 Patch Tuesday fixes 1 zero-day, 97 flaws (bleepingcomputer.com)
Your takeaway from Patch Tuesday…
Get these updates done – and make sure your team get the updates done. It is easy to say “I am too busy to restart my PC now”, but get up from your desk, have a walk, make a drink – exercise and hydration is healthy, whilst Microsoft does it’s thing.
Not sure if your team has done the Patch Tuesday updates?
That is where IT monitoring is an essential cyber security tool. You don’t have IT monitoring tools, then have a look at Martin’s article where is briefly explains the benfits for you and your organisation:
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
