This situation is a great example of the importance of patch and firmware management. Just because a system is hosted in the cloud, it does not mean that you are not responsible for parts if not all of the patch and firmware oversight. Pay close attention to your service level agreements and other cloud services documentation.
If you are using these particular Azure services from Microsoft, please review this content and patch accordingly.
The Patch Tuesday cycle has begun once again and the team at Fortinet has announced some of the conditions surrounding several of the Windows and Office related patches that have been released by Microsoft. Please review your environments and patch your systems accordingly.
We face quite a bit of patching work this week. Microsoft has released numerous patches addressing multiple vulnerabilities including some fairly serious issues with DHCP. Cisco has released several patches including a specific patch addressing a “default password” vulnerability in CSPC – the platform collector for device management. Adobe has also released multiple patches across their application suites including some patches specific to Photoshop. To pile on a little more, WordPress has released patching in version 5.1.1 to address possible unauthenticated code execution flaws.
All of these updates and patches come on the heels of the recent Google Chrome update that so many had to address immediately due to “in the wild” exploits.
Please review your environments, including your third party applications and web server platforms, and patch accordingly.
For the second month in a row, Microsoft has been forced to pull an update due to adverse affects on production environments. This is concerning. Please review your current patch status and pull/back out this patch series if necessary.
This is an interesting read – both the article and the draft provided by Microsoft – concerning patch development and an organization’s commitment to address bugs based on severity and defensive layers. I commend Microsoft for their willingness to release this draft and seek public / industry comments.
So exactly how important is patch management in an organization? How important is protecting architectural knowledge? Oh yeah…
No one can say that they did not know this was coming, but I must admit I am excited that the light at the end of the tunnel is visible. We are getting closer to a day when this patch management nightmare will be over. Rest in peace Adobe Flash….as soon as possible.
At the end of the day, most decisions in IT Security are risk-based. You, as an IT Security professional, have to weigh pro’s and con’s and consider what decisions will effectively lower risk while maintaining the business or functional goals for the organization you are protecting. This article does a good job reviewing that decision making process from the perspective of patch management.