Questions tagged [patching]

A patch is a small program that updates another program, usually to fix a specific issue. Patches are also often called fixes.

104 questions
95 votes, 5 answers

How do services with high uptime apply patches without rebooting?

How are critical security updates installed on systems which you cannot afford to reboot but the update requires a reboot? For example, services/businesses that are required to run 24x7 with zero downtime, e.g. Amazon.com or Google.
secureninja
78 votes, 15 answers

How to write an email regarding IT Security that will be read, and not ignored by the end user?

I've observed that several of our users are ignoring messages sent from IT Security managers, and also the system generated "You just sent a virus" notifications. The problem seems to be among people who are not computer savvy, who are in no way…
makerofthings7
75 votes, 8 answers

If we are behind a firewall, do we still need to patch/fix vulnerabilities?

I have recently joined a security focused community in my organisation. Many of our products are deployed in the intranet (on-premise) nothing in the public cloud. So, the internal portals can be accessed within the organisation's network…
Rakesh N
64 votes, 3 answers

Are staggered roll outs of security patches bad?

Many Android devices, including the Google Nexus line, are now receiving monthly security patches via OTA updates, accompanied by the Android Security Bulletins. However, these updates are often released in what is known as "staggered roll outs,"…
tonytan
30 votes, 4 answers

Android security without updates

I have an android phone which, like many others, has quickly become unsupported and is not receiving any updates. At the same time there are publicly available exploits for privilege-escalation vulnerabilities, which are mainly used for legitimate…
android user
27 votes, 1 answer

What questions should be asked when joining a new security team?

I've accepted a position at a different company working on their security team and have been mentally putting together a list of questions to ask so I can rapidly get up to speed in the environment and start gathering ideas about things to…
bobmagoo
23 votes, 6 answers

What reputable site should I download Putty from?

I recently did a Bing search for Putty and can only guess at which distribution is "trusted", contains no malware, or sleuthing code. If you needed to download Putty for a high security Windows installation, where would you get the Binaries from? …
makerofthings7
22 votes, 8 answers

How could someone exploit the OS an ATM is running?

As I'm sure many of you have heard, the end of support for Windows XP is the supposed apocalypse for ATMs worldwide. I am cognizant of the fact that this ensures that no more patches are issued, and that banks need to take that threat seriously.…
DKNUCKLES
17 votes, 3 answers

Patching operational technology products in a manufacturing assembly line?

I have recently moved to the manufacturing sector to take care of security of systems/products, specifically operational technology (OT) products. Based on a recent US CISA advisory, I had to apply a patch to multiple units of the same…
13 votes, 4 answers

Why Can't Google Just Switch to Pushing Android Security Updates Directly to Users?

Okay, I'll just begin with the question and then elaborate a bit below. It is: Why has the world's dominant maker of non-Apple smartphone operating systems, Google, still not adopted a straight-to-the-user model of distributing security updates for…
mostlyinformed
8 votes, 3 answers

Is there any way to use Nuget securely?

Visual Studio now includes a Package Manager that downloads and updates software packages from the internet. The common name for this is "Nuget". The problem I have is that anyone can pretend to be someone else, by spoofing the owner field. This…
makerofthings7
8 votes, 2 answers

How often do security patches break business applications

Are there any statistics on how reliable security patches are? Such as the fraction recalled or corrected? Part of keeping a computer secure is applying security patches to it. The period between a patch being made available and installing the…
Raedwald
7 votes, 1 answer

Download Windows 7 security updates and patch offline

I am planning to do a clean Windows 7 OS installation. Is it possible (and/or recommendable) to download all the Windows 7 Security Updates from Microsoft in advance and patch my fresh Windows 7 installation before I connect it to a network? If so,…
Simen S
7 votes, 1 answer

Is KernelCare kernel patching recognized as a valid method of patching kernels by 3rd party auditors and pen testers?

This is probably more of a compliance question, so if there is a better place to ask, please let me know. Background: It is a long complex story, but we can't easily update our linux kernels due to sub-optimal use of 3rd party software and…
Aaron
6 votes, 2 answers

Patching Mechanism and security holes

Let me clarify two methods of patching software and then I will go straight to the question: I am using both Mac OS X and Windows and different mechanisms of these two famous operating systems in handling software updates are interesting to me. …
Yasser Sobhdel