11.6 Patch Management
Patches and Hotfixes
- A hotfix is an update that fixes a specific customer issue and is not always distributed outside that customer's organization.
- A patch is a small piece of software designed to fix problems, security vulnerabilities, and bugs, and to improve the performance of a program or its supporting data.
- Users may be notified of available patches by email or through the vendor's website.
- A patch can be considered as a repair job to a programming problem.
- Hotfixes are sometimes packaged as a set of fixes called a combined hotfix or service pack.
What is Patch Management?
- "Patch management is a process used to ensure that the appropriate patches are installed on a system and helps fix known vulnerabilities."
- An automated patch management process:
- Detect: Use tools to detect missing security patches.
- Assess: Assess the issue(s) and the associated severity, taking into account the factors that may influence the deployment decision (exposure of the affected systems, exploit availability, business impact of downtime).
- Acquire: Download the patch for testing.
- Test: Install the patch first on a testing machine to verify the consequences of the update.
- Deploy: Deploy the patch to the computers and make sure the applications are not affected.
- Maintain: Subscribe to get notifications about vulnerabilities as they are reported.
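The Detect and Assess steps above amount to comparing what is installed against what the organization requires and ranking the gaps by severity. The following is an added example, not code from the original notes: it parses a constructed, `Get-HotFix`-style inventory (the host name and every KB number are hypothetical and refer to no real update), checks it against a constructed baseline, and honours supersedence, so a fix that an installed cumulative update already contains is not reported as missing.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of `Get-HotFix` output on Windows. The host name
# and every KB number here are made up for the example; none refers to a real update.
INSTALLED_HOTFIX_OUTPUT = """\
Source  Description      HotFixID   InstalledBy          InstalledOn
------  -----------      --------   -----------          -----------
WS01    Security Update  KB9990001  NT AUTHORITY\\SYSTEM  1/10/2024 12:00:00 AM
WS01    Update           KB9990002  NT AUTHORITY\\SYSTEM  2/14/2024 12:00:00 AM
WS01    Security Update  KB9990004  NT AUTHORITY\\SYSTEM  3/12/2024 12:00:00 AM
"""


@dataclass(frozen=True)
class RequiredPatch:
    kb: str
    severity: str                        # Critical, Important, Moderate or Low
    superseded_by: Optional[str] = None  # later update that already contains this fix


# Constructed baseline: the patches this build is required to carry (hypothetical IDs).
BASELINE = [
    RequiredPatch("KB9990001", "Critical"),
    RequiredPatch("KB9990002", "Moderate"),
    RequiredPatch("KB9990003", "Critical", superseded_by="KB9990004"),
    RequiredPatch("KB9990005", "Important"),
    RequiredPatch("KB9990006", "Low"),
]

SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}


def parse_installed(hotfix_output: str) -> set:
    """Pull every HotFixID (KB followed by 6-7 digits) out of Get-HotFix-style text."""
    return set(re.findall(r"\bKB\d{6,7}\b", hotfix_output))


def missing_patches(installed: set, baseline: list) -> list:
    """Detect step: baseline entries that are neither installed directly nor covered
    by an installed superseding update. Sorted by severity for the Assess step."""
    missing = []
    for req in baseline:
        if req.kb in installed:
            continue
        if req.superseded_by and req.superseded_by in installed:
            continue  # cumulative update already carries this fix; not a gap
        missing.append(req)
    missing.sort(key=lambda r: (SEVERITY_RANK[r.severity], r.kb))
    return missing


def missing_kbs(hotfix_output: str = INSTALLED_HOTFIX_OUTPUT, baseline: list = BASELINE) -> list:
    """Convenience wrapper returning just the KB IDs, most severe first."""
    return [p.kb for p in missing_patches(parse_installed(hotfix_output), baseline)]


if __name__ == "__main__":
    for p in missing_patches(parse_installed(INSTALLED_HOTFIX_OUTPUT), BASELINE):
        print(f"MISSING {p.kb} ({p.severity})")
```

On a real host the inventory text would come from `Get-HotFix` (or a WSUS/endpoint-management report) and the baseline from the vendor's published update list; the supersedence field matters because a scanner that ignores it floods the Assess step with false "missing" entries.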
Identifying Appropriate Sources for Updates and Patches
- First, make a patch management plan that fits the operational environment and business objectives.
- Obtain updates and patches only from the official sites of the application or operating system vendors.
- The recommended way of tracking issues relevant to proactive patching is to register with the vendors' sites (security bulletins, mailing lists) to receive alerts.
Installation of a Patch
- Users can download and install security patches from the vendor over the web.
- Patches can be installed in two ways:
- Manual Installation: The user downloads the patch from the vendor and installs it by hand.
- Automatic Installation: The application uses its Auto Update feature to download and apply patches itself.
Implementation and Verification of a Security Patch or Upgrade
- Before installing any patch, verify its source.
- Use a proper patch management program to validate file versions and checksums against the vendor-published values before deploying security patches.
- The patch management tool must be able to monitor the patched systems.
- The patch management team should check for updates and patches regularly.
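The verification steps above (verify the source, validate versions and checksums before deploying) are shown in the following added example, which is not code from the original notes. It compares the SHA-256 of downloaded bytes against the digest a vendor publishes, normalizing the spacing and case that advisories often use, refuses anything that is not a valid digest, and only passes a patch whose version is newer than the installed one. The patch bytes and version strings are constructed for the example.

```python
import hashlib
import hmac
import re


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the downloaded file contents as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def normalize_digest(published: str) -> str:
    """Advisories paste digests with spaces, line breaks or uppercase hex; normalize
    before comparing so a cosmetic difference is not mistaken for tampering."""
    return re.sub(r"\s+", "", published).lower()


def checksum_matches(data: bytes, published_hex: str) -> bool:
    """True only if the file hashes to the vendor-published SHA-256 digest.
    A constant-time compare is used so a mismatch does not leak how many
    leading characters matched."""
    expected = normalize_digest(published_hex)
    if not re.fullmatch(r"[0-9a-f]{64}", expected):
        return False  # not a SHA-256 digest at all: refuse rather than guess
    return hmac.compare_digest(sha256_hex(data), expected)


def parse_version(version: str) -> tuple:
    """'10.0.19041.3636' -> (10, 0, 19041, 3636); non-numeric parts count as 0."""
    return tuple(int(part) if part.isdigit() else 0 for part in version.split("."))


def is_upgrade(installed_version: str, patch_version: str) -> bool:
    """Version check: only deploy a file that is newer than what is installed."""
    return parse_version(patch_version) > parse_version(installed_version)


def validate_patch(data: bytes, published_hex: str, installed_version: str, patch_version: str) -> str:
    """Gate before the Deploy step. Returns 'ok' or the reason the patch was rejected."""
    if not checksum_matches(data, published_hex):
        return "rejected: checksum does not match the vendor-published digest"
    if not is_upgrade(installed_version, patch_version):
        return "rejected: patch version is not newer than the installed version"
    return "ok"


if __name__ == "__main__":
    # Constructed demo. In practice `published` comes from the vendor's advisory page,
    # never from the same place as the download; here it is derived from the genuine
    # bytes only so the example runs offline.
    genuine = b"constructed patch payload, not a real update"
    published = sha256_hex(genuine)
    tampered = genuine + b"\x00"
    print(validate_patch(genuine, published, "10.0.19041.3636", "10.0.19041.3693"))
    print(validate_patch(tampered, published, "10.0.19041.3636", "10.0.19041.3693"))
```

A checksum fetched from the same server as the file only detects corruption, not a compromised mirror; where the vendor signs its packages (for example Authenticode on Windows installers), checking that signature is the stronger source-verification step and the checksum is a complement to it.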
Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
- Microsoft Baseline Security Analyzer (MBSA) checks for missing updates to the operating system, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server.
- It also scans a computer for insecure configuration settings.
- Note that Microsoft has since deprecated MBSA and it is not maintained for current Windows releases; treat it as a legacy tool.
Q1) Which of these is a patch management and security utility?
A1) Microsoft Baseline Security Analyzer (MBSA) is a free Microsoft patch management and security analysis utility. It is a separate download, not a component built into Windows.