Applying updates, patches, fixes, and service packs is one of the quickest and e

Question

Applying updates, patches, fixes, and service packs is one of the quickest and easiest ways to mitigate vulnerabilities on network systems and servers. For this week's discussion, you are to investigate and document the process for patching servers and systems on a network. (Hint: it has uses many of the steps from the change and configuration management processes.) What are the steps to ensure your servers and systems have the most up to date software and firmware installed on them? How do you ensure systems are patched correctly? Document any external references used in your post.

Explanation / Answer

According to leading patch management vendors only 14% of patches apply to Microsoft technologies. The remainder are attributed to other technologies installed on devices. Patch management aids in reducing the vulnerabilities experienced, the aim is to maintain the security of computers.

However patch management is also the cause of frustration for many of us, most feel that patches seem to cause more hassle than good some of the time. Patching should be encouraged as the practice is vital in keeping OS and applications secure and up-to-date.

In this article we will look at ways to achieve an effective Patch Management System whereby the advantageous results of patching can be achieved and the frustration alleviated where possible.

Introduction

Network and computer security is more crucial than ever, patching forms a key part. An effective Patch Management System will not only fend off malware and worms but also alleviate the frustration sometimes caused as a consequence of patching. Patching may also be a requirement for compliance, many organisations are required to have a Patch Management System in place to maintain compliance with certain regulations and standards such as ISO 27001 and ISO 270012.

When undertaking patching correctly we expect patching to reduce vulnerabilities, improve performance, improve usability and assist in achieving compliance, however this is not always the only outcome and is the cause of frustration for many of us, one vulnerability is ‘patched’ yet we are left with other problems to rectify. The key to mitigating this problem is patch testing before applying the patch to live systems, a practice not often seen in the industry.

Patch management is necessary, and if applied correctly it is highly beneficial however patches are also the cause of conflict with other software and hardware within our system environment and are responsible for creating new problems that were not present before the patching.

Patches, additional code for replacing flaws in existing software, usually fall within the following categories:

Patch management should be a proactive strategic and planned process to determine the application of patches needed to specified systems at a specified time. Without an effective patch management system in place, organisations are not effectively managing security quality and risk.

Challenges hindering effective patch management

Benefits of an effective patch management system

Steps to achieving an effective patch management system

For the policy to be effective it should include the following:

The responsibility of this team will include:

It’s important to verify that the patch has installed correctly after deployment. If the patch has failed to install correctly or fails to install, a resolution procedure should be in place to follow. Verification should always be commenced to ensure that the patch is present after installation.

It may be helpful to have a help desk in place for end-user support associated with patching.

Automation is the route to sustainability, manual patching will not be effective for the long-term. Numerous tools will be required within the patch management repertoire of the organisation, no one tool will be efficient to cover everything. For effective automated patch management, caution should be taken to manage the tools so that further risks are not acquired through their use.

It’s also recommend to apply patches in phases.

This is necessary to keep track of corrective measures and patch exclusions. Over time this becomes challenging if you do not have some form of risk database in place to maintain control and track the correction actions that need to be applied.

It is essential to validate the effectiveness of the Patch Management System in place and establish the current vulnerability state of the organisations systems. By gauging certain criteria, such as the maturity of the patch management system, cost involved to deploy the patch management system, compliance and risk, performance of the system can be measured.

It should be appreciated that this process is continually evolving, and will change as the Patch Management System matures.

This should be a continuous process and necessary changes should be considered if and when needed.

Conclusion

Without an automated patch management system in place, the likelihood of keeping up with effective patching is small to none. A Patch Management System will take a load off organisation resources and ensure security is maintained.

The importance of testing patches before patch deployment cannot be emphasised enough, patches break things, cause conflicts and create problems with other software, test environments should be mandatory.

Many people believe that the Microsoft recommended patches cover majority of vulnerabilities, however this is not the case, on the contrary the associated vulnerabilities are only a fraction of those we are likely to face on a daily basis. We cannot solely rely on those patches, updates and service packs supplied through Microsoft and assume all vulnerabilities are covered. Following this approach without thinking twice or testing prior to patching may be the cause of unnecessary frustration brought about by avoidable conflicts and breakages. Test before you patch.

We must remember that many applications exist outside of the operating system and they can contribute a large surface area of vulnerability.

Vulnerabilities in software will continue to be a risk factor and to remain secure, an effective patch management system is essential.

Two types of updates keep your Surface performing its best: Surface hardware updates (also known as firmware) and Windows software updates. Both types install automatically as they become available

Here are some important tips:

Step 1:

Go to Start windows and select Settings > Network & Internet.

Step 2:

Select Advanced options and move the toggle for Set as metered connection to Off.

Update Surface and Windows

When updates become available, they’re installed automatically on your Surface over Wi-Fi but may be limited over a metered connection. To get all the updates, connect to Wi-Fi first. Windows notifies you if you need to restart your Surface to finish installing an update.

Follow these steps to ensure that all Surface and Windows updates are installed:

Step 1:

Plug in your Surface, and make sure it's charged to at least 40 percent.

Step 2:

Go to Start windows and select Settings > Update & security > Windows Update.

Step 3:

Select Check for updates. Install any available updates.

Step 4:

Restart (don't shut down) your Surface.

Notes

After installing Surface or Windows updates, it is important to verify that the updates are completely installed by following the additional steps below. Under some conditions, you may get a Windows notification or see the message “We couldn’t finish installing updates” in the Windows Action Center. The Windows Update history may also show a status of “Requires a restart to finish installing” for a particular update.

Step 5:

Go to Start windows and select Settings > Update & security > Windows Update.

Step 6:

Select Advanced options and select View your update history.

Step 7:

If any update has a status of “Requires a restart to finish installing,” restart (don't shut down) your Surface.

Step 8:

Go back to Step 5 and repeat until you no longer have any updates that have a status of “Requires a restart to finish installing.”

Step 9:

Go back to Step 2 to check for any additional updates.

When a Surface firmware update is available, you’ll see a notification on your Surface. Follow the instructions to update your Surface using Windows Update.

Step 1:

Go to Start windows and select Settings > Network & Internet.

Step 2:

Select Advanced options and move the toggle for Set as metered connection to Off.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.