If you follow the news in the slightest, you’ve probably heard of WikiLeaks, the organization responsible to for publishing volumes of classified secrets for the world to see. Lost among the shuffle of what various politicians were up to, WikiLeaks leaked another significant piece of information. The US Intelligence community has spent several years finding, documenting and writing exploits for various vulnerabilities in the Windows Operating System.
In a not so shocking turn of events, the tools for exploiting these vulnerabilities has been leaked to the public as well. That’s just peachy. Now every basement-dwelling script kiddie in a Guy Fawkes mask can run CIA level hacks against any Windows machine they can find.
Fortunately, Microsoft released patches for these exploits over a month ago.
Which brings me to this question: How do you handle OS patches today?
Based on what we’ve read in the news, odds are you simply aren’t patching.
Too many IT professionals adhere to one of two patch management “strategies.” They either: patch ad hoc as high-level vulnerabilities come out; or patch after systems have already been compromised … maybe “strategy” isn’t the word we’re looking for. “Reactionary patching tactics” is better.
If you’re a home user or concerned about your personal devices, turn on automatic updates, let them run and reboot. The end. Thanks for stopping by.
Now, on to the IT professional crowd. Look, I get it. Patching software sucks. Yes, it takes time. Yes, sometimes the patches break something. Yes, you’ll have to reboot systems and explain to the bosses why they must be rebooted. Let’s look at that…
Would you rather spend your time preemptively heading off a problem at a time of your choosing? Or spend hours patching, restoring and explaining to your boss’s boss’s boss just how the systems got “pwn’d?”
Would you rather patch and run the risk of something breaking at the time of your choosing? When you’re prepared, or when it is least expected and most inconvenient? Because let me tell you, the folks exploiting your system don’t care that it’s the weekend of Aunt Tilly’s retirement party.
If you have a single system that cannot be out of service for a maintenance interval and must “never go down” you need some additional help. There’s no such thing as a computer that doesn’t go down. They all do, sooner or later.
With tools like WSUS and System Center, patching is a lot easier to manage. Here’s a good writeup on patching strategies.
It’s a new day, and network security is more than perimeter firewalls. Call Mirazon to get more information on our multi-layer security approach.
Now, about your firewall’s firmware …