Understanding Updates & Patches

Posted by Rebecca Prince on November 10, 2016

Security and Patches Blog

If you own a mobile device, you are familiar with updates. It seems that not a day goes by that one or more of your apps have a new version available for you to update. In addition, Android, Apple, and all of the other manufacturers provide periodic updates to enhance the device and address known issues.

While the vast majority of these updates (also referred to as patches) that you receive provide cool new enhancements, from time to time they are also addressing potential security vulnerabilities. By installing the update or patch, the issue is addressed or enhancement is added. One of the most important and convenient aspects of a mobile device is how easy it is to receive notifications about these updates and the quick and painless process in which it takes to apply them. 

Unfortunately, when it comes to your personal computers, it’s not always that simple. While operating systems such as Microsoft Windows 10 have come a long way in helping the user to get the very latest updates and patches installed, there is still much that is left to third party manufacturers which leaves hundreds of thousands of people vulnerable on a daily basis.

Windows UpdateIf you are running on a newer version of Microsoft Windows or Apple OS then you should automatically receive notices whenever new updates become available. Depending on your setup, the updates may automatically install. These updates are important, and it is always recommended that they are installed immediately. However, it is extremely important to understand that these updates are only addressing issues within Microsoft and Apple products and not the many other software packages you may have installed on your computer.

Third party applications running on your computer also require security updates from time to time. But unfortunately, many of these products do not have the features to notify you about these updates. Instead, many manufacturers rely on sending out email notifications or even worse, expect that you will periodically check their websites to see if any new updates are available. The problem is that any application left un-patched can put your computer at risk.  

EmailWhen you receive emails or browse on the Internet, third party applications running on your computer may be called to process some of that activity. If an email or website contains malicious content, these applications can be exploited allowing malware to be installed on your computer. For example, criminals continually send PDF documents via email to employees of organizations. Generally, these emails will look like they are sent from a legitimate source such as a co-worker, and the PDF attachment will be referenced in the email as something important that the recipient should read. If the user has not kept up with all third party patches and updates such as those from Adobe, simply opening the attached PDF file can install malware automatically. That is, if the user has not kept up with all third party patches and updates, which in this case would include updates from Adobe. Of course the recipient will have no idea this has happened and the PDF will look normal to him or her. This is often how criminals gain access to organizations’ networks all over the world.

Some organizations have internal patch programs designed to keep all computers updated with the latest versions of the software and patches. Others rely on the employees to install updates as they become available.  It is important that you understand the policies of your organization and your personal roll in installing these updates to ensure that your computer has the very latest security patches applied. In addition, if you become aware of an application running on your computer that requires an update, based on the policies of your organization you should address the update immediately.

PoliciesIn addition, if you work from home or communicate with co-workers via email using a personal computer, it is extremely important that you maintain the same security through updates and patches as you do for your computer at work. Remember that if your personal computer becomes compromised, cyber criminals can use that device to begin targeting your co-workers in an effort to gain access to your organization’s network.

Software security has come a long way but new vulnerabilities continue to be discovered. Updates and patches are critical in ensuring that your computer is not vulnerable to external cyberattacks.  Be sure to read the other "Security Through Updates & Patches" documents and never let your guard down when it comes to protecting your computer.

Blog contributed by Stickley on Security

Topics: Security