Why do we patch?

Get a quick overview about why you need to patch in this excerpt from Chapter 1 of "The complete patch management book."

The complete patch management book Get a glimpse inside the e-book "The complete patch management book" by Anne Stanton, president of Norwich Group, and Susan Bradley, Microsoft Small Business Server MVP. This series of book excerpts will help you navigate Chapter 1, "What is patch management?," courtesy of Ecora. Click for the complete book excerpt series.


Why do we patch?

It is obvious that we patch because software is not processing commands correctly. This mis-processing could range from elevation of privilege to information disclosure. Threat modeling, a text that explores what an adversary might attain by exploiting a flaw defines the following threat categories:

  • Spoofing identity
  • Tampering with data (also called integrity threats)
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privilege

Patch management ensures that correct code replaces incorrect code. However, it is not the only way to reduce risk. The patch management process also includes mitigation techniques that are not actual patches but include additional procedures to protect networks if the patch is not available, or if admins cannot apply it to a network, or if there are other reasons that preclude applying the patch.

Footnote: Swiderski, Frank and Window Snyder "Threat modeling," Redmond, WA: Microsoft Press 2004.

Click for the next excerpt in this series: What is included in a Microsoft patch?


Click for book details or get more information from Ecora.

Dig deeper on Patches, alerts and critical updates

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close