When It Comes to Patch Management, Zero Day Can Be the Longest Day
Zero-Day, the Longest Day?
Ever since childhood, you learn that things go “Boom!” when you count down to zero…
Sometimes that’s a good thing: The engines ignite and a rocket lifts off
Sometimes that’s a bad thing: A bomb detonates
The question for software development and IT support teams is what zero-day means in terms of impact on end users, and what, if anything, they can and should do about it.
Zero-Day Defined
Despite software vendors’ best (or sometimes not) efforts, all software has bugs in it. Some of these bugs present opportunities that malicious users can take advantage of to gain access to a network, functionality, or data that they aren’t authorized to use.
Zero-day vulnerabilities are the bugs the vendor doesn’t know about. When hackers exploit them, this is called a zero-day exploit. Once vendors learn of a vulnerability, they work to create a patch to close it. Microsoft regularly issues patches on one or two Tuesdays per month, with occasional patches issued at other times.
Patches Close Zero-Day Vulnerabilities
Once a patch is issued, you can close the vulnerability by installing the patch. Note, however, that if you don’t install it, your vulnerability to the zero-day exploit continues indefinitely. This is one reason it’s important to remain on supported versions of operating systems and application software, as well as pay for maintenance support. When you’re on an unsupported version, patches are no longer created, even if a security hole is later identified. Because code is commonly shared between versions, a hole found in the latest, supported version of the OS might exist in your older, unsupported version. But the vendor will only issue a patch for the supported version, meaning the zero-day vulnerability can’t be closed on an older system.
Because of the risk of these exploits, many companies require their computers to be maintained at current patch levels. In some ways, this is the “safe” decision. It’s important to realize, though, that there are risks associated with patching systems as well.
Patches Have Risks
The biggest risk is that installing a patch will somehow break an application. Patches are software, and as likely to contain bugs as any other software. There’s also the cost of downtime involved with deploying a patch, plus the potential of a failed deployment leaving a computer unusable until it can be restored. If the patch isn’t simply “under the hood” but makes a change that end-users can see, they may need some time to become familiar with the new way things work.
Create a Patch Management Strategy
Rather than automatically deploying all patches to every computer, companies should evaluate the risks involved. If a PC isn’t connected to the network, there may be very little risk of leaving it unpatched. When patches do need to be deployed, companies should think through how they can complete the deployment while minimizing the risk to their operations. Deploying to a few machines at a time and keeping some machines unpatched as a fallback are two options to consider.
The best way to develop a patch management strategy is to speak with an IT services provider like Bay Computing. We can help you evaluate the threat of vulnerabilities and plan a safe approach to deploying patches. Contact us, your San Francisco IT Services Provider, to hit “stop” on the countdown to zero.