Top 4 Reasons for Failure of Patch Updates

Patch Update failure. We hear it all the time! Reports cite that 75% of attacks use publicly known vulnerabilities in commercial software. These attacks can be prevented if the software is patched regularly. If you are running an outdated version of a software on your network, you are obviously vulnerable to security compromises.

Consider the recent breach at AdobeRegistered. Part of the break-in involved some known vulnerabilities with their AcrobatRegistered ReaderRegistered and their ColdFusionRegistered Web application platform which resulted in the theft of source code.

Missing the security approach

One of the main reasons for the security breach could be patch management. In most cases, we see patches as more of an operational routine without considering the security aspects. Taking a security approach with patches gives you the perspective of what patches to apply and when.

  

Do you test the patches before deploying to your network?

For most vulnerabilities, the fixes become available pretty quickly but they need to undergo a risk assessment and compatibility check before they are deployed. It would be advisable to employ a patch management software that researches, scripts, packages, and tests patches for common 3rd-party applications. Then it delivers ready-to-deploy patches. Also, you need to create advanced before-and-after package deployment scenarios to ensure that complicated patches, such as OracleRegistered JavaRegistered deploy successfully without using any complex scripting.

  

Do you prioritize your patches?

You don’t necessarily need to update all the applications in all your devices in your network in the first batch.  However, make sure that you patch your critical security vulnerabilities ahead of other patches. If you do not prioritize, test, or make risk assessments on your patches, you increase the chances that your patch management will fail.

  

Poor implementation

There are situations where organizations do not clearly understand the limitations of their existing solutions and need to extend their capabilities with the help of add-on solutions. For example, if you are using Microsoft System Center Configuration Manager (SCCM), you need to understand that it is not a complete solution for your patch issues as they leave a gap when it comes to non-Microsoft applications. This means that you are still vulnerable when it comes to 3rd-party applications and the consequences of such vulnerabilities, if exploited, can have a devastating impact upon your IT environment. Having an efficient patch management software would help extend the power of SCCM and also manage 3rd-party patches.

   

Lastly, you need to ensure that your patch manager is capable of alerting you when your patch updates are unsuccessful, i.e. they need to be able to send you notifications on the unsuccessful patch updates.

Stay secure folks!

  • I ask with the iPhone 4S in mind, but the same thing can happen to computers. Identical machines acquiring the same update can have different results. How can that be?

    Sent from my iPhone

  • Mike,

    Thanks for the question. One of the core reasons for the update to work on some devices and not others is mainly because of the compatibility of those devices. For example, if there is a patch available for a particular application, and that update requires that your system to have a minimum of .NET 3.0 and if your current system is not upgraded to that - patching might fail.

    To clarify can you please tell me whether you are talking about the situation where the patch is not being applied properly (patch failure) or patch is applied but that doesn't work well?

  • Here is a question for you. How is it that updates can work on some devices but fail on others? Sometimes the same update gets applied to the same device but they could both respond differently to it. Some features could break on one but be perfectly fine on the other. What causes this to happen?

Thwack - Symbolize TM, R, and C