Articles about Patch

According to a new report 39 percent of security professionals say they struggle to prioritize risk remediation and patch deployment, with 35 percent saying they struggle to maintain compliance when it comes to patching vulnerabilities.

The study from Ivanti also finds 87 percent of security pros feel they do do not have access to the critical data needed to make informed security decisions. In addition 46 percent believe IT teams lack urgency when addressing cybersecurity problems.

Continue reading →

New research released from Endor Labs finds that security patches have a 75 percent chance of breaking an application.

It also shows that 69 percent of vulnerability advisories are published after a patch has been released, with a median delay of 25 days between public patch availability and advisory publication, increasing the window of opportunity for attackers to exploit vulnerable systems.

Continue reading →

Patching is something that we all know we have to do. But it is easier said than done. In reality, patching can be hard due to problems around application compatibility, having adequate downtime windows, or more pressing business risks to manage. This can lead to some very serious software problems being left open and vulnerable to exploitation.

Here are three examples of common software vulnerabilities that existed for years with updates available, yet are still regularly targeted by threat actors.

Continue reading →

Proper patch management is an important component of cybersecurity hygiene. If organizations don’t apply fixes to software bugs in a timely manner, they risk exposing themselves to a variety of threats. But scrambling to fix bugs identified by the Common Vulnerabilities and Exposures (CVE) program is not a complete solution. Organizations need to be doing much more.

The CVE and CVSS programs are essential components of information security management systems (ISMS) at most organizations, but they clearly have issues. The CVE program offers a reference for publicly known vulnerabilities and exposures. CVSS provides a way to capture the main characteristics of a vulnerability and produce a numerical score that reflects its severity. Among the many challenges with these programs, CVSS is not a true indication of the risk a CVE represents to an organization. That’s because it attempts to take the environment into consideration but only has limited success doing so.

Continue reading →

Following a security disclosure by Intel way back in June of last year about vulnerabilities affecting its processors, Microsoft has issued a series of out-of-band fixes for the flaws.

In all, Intel revealed details of four data-exposing chip flaws (CVE-2022-21123, CVE-2022-21125, CVE-2022-21127 and CVE-2022-21166) described collectively as Processor MMIO (memory-mapped I/O) Stale Data Vulnerabilities. Now Microsoft has released a total of six emergency updates for various versions of Windows 10, Windows 11 and Windows Server.

Continue reading →