News Stay informed about the latest enterprise technology news and product updates.

Why do we patch?

Get a quick overview about why you need to patch in this excerpt from Chapter 1 of "The complete patch management book."

The complete patch management book Get a glimpse inside the e-book "The complete patch management book" by Anne Stanton, president of Norwich Group, and Susan Bradley, Microsoft Small Business Server MVP. This series of book excerpts will help you navigate Chapter 1, "What is patch management?," courtesy of Ecora. Click for the complete book excerpt series.

Why do we patch?

It is obvious that we patch because software is not processing commands correctly. This mis-processing could range from elevation of privilege to information disclosure. Threat modeling, a text that explores what an adversary might attain by exploiting a flaw defines the following threat categories:

  • Spoofing identity
  • Tampering with data (also called integrity threats)
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privilege

Patch management ensures that correct code replaces incorrect code. However, it is not the only way to reduce risk. The patch management process also includes mitigation techniques that are not actual patches but include additional procedures to protect networks if the patch is not available, or if admins cannot apply it to a network, or if there are other reasons that preclude applying the patch.

Footnote: Swiderski, Frank and Window Snyder "Threat modeling," Redmond, WA: Microsoft Press 2004.

Click for the next excerpt in this series: What is included in a Microsoft patch?

Click for book details or get more information from Ecora.

Dig Deeper on Windows 10 security and management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.