Why do we patch?

By Anne Stanton and Susan Bradley 22 Dec 2004 | Ecora

Digg This!     StumbleUpon     Del.icio.us

Get a glimpse inside the e-book "The complete patch management book" by Anne Stanton, president of Norwich Group, and Susan Bradley, Microsoft Small Business Server MVP. This series of book excerpts will help you navigate Chapter 1, "What is patch management?," courtesy of Ecora. Click for the complete book excerpt series.

Why do we patch?

It is obvious that we patch because software is not processing commands correctly. This mis-processing could range from elevation of privilege to information disclosure. Threat modeling, a text that explores what an adversary might attain by exploiting a flaw defines the following threat categories:

• Spoofing identity
• Tampering with data (also called integrity threats)
• Repudiation
• Information disclosure
• Denial of service
• Elevation of privilege

Patch management ensures that correct code replaces incorrect code. However, it is not the only way to reduce risk. The patch management process also includes mitigation techniques that are not actual patches but include additional procedures to protect networks if the patch is not available, or if admins cannot apply it to a network, or if there are other reasons that preclude applying the patch.

Footnote: Swiderski, Frank and Window Snyder "Threat modeling," Redmond, WA: Microsoft Press 2004.

Click for the next excerpt in this series: What is included in a Microsoft patch?

Click for book details or get more information from Ecora.

---

Tags: Patches, alerts and critical updates,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Patches, alerts and critical updates Structuring patch management in seven steps Underlying causes of inconsistent patch management Microsoft's Online Desktop Manager caters to small IT shops Microsoft's Patch Tuesday brings a bumper crop of security fixes Act fast with five critical September patches Microsoft's August patches run the gamut Patching third-party browsers adds more work in Windows shops Troubleshooting Microsoft WSUS connectivity issues Windows security tools for the busy desktop administrator The state of enterprise security and emerging threats in 2009

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary drive-by download  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary