Updates and the Road to Hell

Right now is the perfect storm of updates. In improver to the seemingly endless stream of operating system (Bone) updates, there are updates for applications and now updates for your hardware. We've all go used to the monthly release of patches to Microsoft Windows to the bespeak where nosotros expect Patch Tuesday every month. But at present at that place's more.

Security researchers uncovered problems with Intel'south Management Engine, which lives in its ain niggling OS within Intel processors. So, researchers found serious problems with the way processors programme plan execution, which led to vulnerabilities labeled Spectre and Meltdown. Meltdown affects security boundaries in processor caching while Spectre is involved with speculative execution and affects all processors, non just those from Intel. (For a full description, read Tom Brant's How to Protect Your Devices Against Meltdown, Spectre Bugs column.)

So, in addition to the usual updates to Windows and Linux and the less frequent updates to MacOS, nosotros're now seeing updates to the processors that support them. In the fall of 2022, Intel provided updates to the Management Engine to PC makers, which then issued firmware patches. Later on that came patches to firmware and processor microcode to fix Meltdown on Intel processors, and to some extent Spectre on well-nigh every processor.

The Spectre and Meltdown patches are too showing up in Bone software, so an important Windows Update was issued on January 3, out of the normal Patch Tuesday sequence. And, of form, there was still the regular Patch Tuesday.

To Update or Not to Update

All of a sudden, in that location are a lot of updates flying around. Do yous just employ them as fast as they testify up? The answer is: probably non. Intel is already addressing problems with some older processors that started rebooting one time the patches were applied. Now there are reports that some industrial control systems are malfunctioning every bit a outcome of the patches.

Clearly, you lot should recall twice about simply applying patches as they prove up. But you lot also accept to worry about the consequences if you lot don't. How to decide?

The consequences of choosing not to perform an update are known. Eventually, an unpatched vulnerability volition open up your systems to one of many exploits and that volition crusade information loss and all of the bad things that follow. But there are consequences that arise from choosing to patch as well. In addition to the problems related to Intel'southward fixes, there are times when updates to your OSes can cause issues. Yous need to consider those.

For example, it's possible that locally written or some custom apps might non work properly afterwards applying a patch to Windows. This is very rare these days just the possibility exists. If you have such an app, then yous must examination the update before yous apply it to all of your systems.

Problems are more than probable when the update is a major one, such as when many computer systems were updated from Windows vii to Windows 10. Then, despite the fact that commercial software should handle the transition, it's still important to examination past making the alter on a few computers before going all the mode.

Nether normal circumstances, when you're dealing with function computers running part apps, there's piffling reason not to let the update happen as shortly every bit the workload of the person using it permits. There'southward lilliputian risk from the update and the risk from users doing something they shouldn't is quite high.

Special Considerations With Servers

Computers used every bit servers are a different problem. At that place the risk from users is somewhat lower only the risks that may come up from an update with bug are higher. In addition, at that place'due south the price of downtime if the server is essential to your business. In such a instance, the process of applying the update needs to be considered carefully.

Perhaps the best fashion to update servers is one at a time, starting with a spare. You update a spare server and test that. When you're confident it's running as it should, then swap out a server with the updated 1. Hang on to the quondam one for a while just in case the update doesn't play well with the balance of the network and then update it. Depending on how many servers you take, you may do this 1 at a time or you may automate information technology using your patch management software.

What's primal is that you don't simply put off doing your updates forever. Many of the information breaches that succeeded in 2022 and earlier were possible considering the hackers used exploits that depended on unpatched vulnerabilities that take had updates and patches available for months or years merely which were never practical. The ready availability of exploits adult by the intelligence community--and since leaked--makes the risks of not patching even greater.

If you lot split up upwards the decision making, it becomes easier. Beginning, patch immediately those systems where the risk of patching is depression and the risk of not patching is highest, which includes your office machines and whatsoever public-facing computers. Next, apply patches and updates to systems where you can afford a curt period of downtime, such as servers that tin become offline overnight.

Finally, consider the patch-and-replace arroyo to the rest of your systems where you have more than time to exam and reanimation is minimized. Once again, requite systems you swap out fourth dimension to make sure they play well on the network.

But whatever you exercise, don't fail to apply critical patches. Schedule them to work with your requirements merely don't simply put them off. You lot don't want to be the next company to hitting the front pages because of an attack.

Source: https://sea.pcmag.com/microsoft-windows-10/19212/updates-and-the-road-to-hell

Posted by: mimsvinfer.blogspot.com

Share this post