Yet another month has come and brought with it Microsoft Patch Tuesday and a number of critical patches that need to be applied. To be fair to Microsoft, they have made great strides in securing their applications and, love or hate Patch Tuesday, at least we know that we can expect patches from Microsoft. It is a pity other vendors do not follow suit.
However, patches, be they from Microsoft or other vendors, bring with them many inherent risks that we need to consider before rolling them out onto production systems. Will the patches introduce new problems as well as fixing the ones identified? Will they impact on other applications and systems? If we patch, we may have problems; if we don’t, we may have a security breach. Not the easiest of choices for an IT or Information Security professional to have to make.
We recommend you look at the following steps to mitigate the problem:
- A concise and factual presentation should be made to senior management with the options to address the issue laid out clearly, together with the potential downside to each solution.
- Whatever solution is decided upon needs to be agreed to and signed off by senior management.
- An incident response team should be set up in order to respond to (a) any side effects from the selected plan of action or (b) a compromise of your systems in spite of the steps taken.
- Remember as part of the plan to ensure that all your backups have been running successfully and more importantly that you can restore them!
- Have key contact details for all relevant personnel in the event of a major problem with your systems, including contacts in third parties such as ISPs, partner companies, extranet contacts etc.
- Communicate clearly with the user population explaining why the patch is being deployed and to report any unusual behaviour.
- Ensure that all Anti-Virus signatures and software are up to date.
- Ensure all Intrusion Detection/Prevention Systems’ signatures are up to date.
- Consider how best to update remote PCs and laptops that may not be connected to your corporate network.
We strongly advise, as with all patches, that you test the patch and are satisfied that it does not negatively impact your environment before you deploy it. It may also be worth staying on high alert even after deploying the patch, because:
- Other new vulnerabilities could still be found in this feature of Windows.
- Not everyone will patch their systems in a timely fashion, as we have seen time and time again, and their compromise may impact your organisation.