Back to Basics with Patching and Updating
Microsoft released two patches this week outside of their normal monthly update. These two vulnerabilities opened Microsoft users to hackers and were serious enough that the company pushed the updates out of schedule. This is the kind of story that emphasizes one of the steps in our Q-Stack. You can read the whole story on the Microsoft patches Here. Today we’re going Back to Basics with Patching and Updating.
When we talk about patch management in the IT world, what we are really talking about are updates. Operating system and application developers both consistently release patches to correct errors or bugs found in software, or security updates when vulnerabilities are found. Hackers and software companies are in a continuous battle for the next vulnerability. The hacker finds a vulnerability they can exploit, the software developer sees this exploitation and releases a patch.
There are many aspects of patching to think about. Servers, operating systems, and software all have patches. Any of these three components could present a vulnerability a criminal could exploit. Many systems offer automatic updates, but these do not always cover all updates. It is best to have a professional manage you company’s updates for times like these when a patch comes out of schedule and there is a known vulnerability. Hackers are reading the IT news just like we are, so they know there’s a Microsoft vulnerability that could be open for a couple weeks.
Another factor to consider is end of life software. As machines and operating systems age, there is a point where developers stop supporting software. We covered this issue last year when Microsoft decided to continue to support Windows 7, but with limitations. Users had to pay for the support and it only lasted a year as a stopgap. At some point the software does not pass the ‘worth it’ factor for the company, and they decide to discontinue support. In a business setting, this is a problem you should see coming, and have a solution to well before the abandonment date.
Now that many companies have employees working from home, it’s an even more important time to focus on patches and updates. If employees are using a personal computer, this device is an unknown on the business network. Even if employees are only accessing email, and remote services, patching and updating is still a critical step to keeping that personal machine working. Educating users about the basics of IT security is always important, but now it’s even more critical as many employees are using person equipment to do their job.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
