{"id":21578,"date":"2023-08-28T18:08:51","date_gmt":"2023-08-28T14:08:51","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=21578"},"modified":"2023-08-28T18:08:51","modified_gmt":"2023-08-28T14:08:51","slug":"patching-priorities","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/patching-priorities\/21578\/","title":{"rendered":"What to patch first: prioritizing updates"},"content":{"rendered":"

Updating software on employee workstations is a never-ending, constant process. Thus, you may simply lack the resources to keep updating all software. On average, dozens of new vulnerabilities are found every single day; accordingly, many hundreds and even thousands of patches for them are released every month.<\/p>\n

This poses the question: what updates should be a priority? And there\u2019s no simple answer to that. Patching strategies can be very different<\/a>, and finding the one that works best for your company can depend on various circumstances. In this post, I share some thoughts on what software should be patched first \u2014 based on the potential risk of vulnerability exploitation.<\/p>\n

Got any vulnerabilities on your system?<\/h2>\n

Some people believe that the number of discovered vulnerabilities speaks of the given software\u2019s quality. Simply put, more bugs means worse software, and a lack of any ever reported means that software is great. These considerations then affect their choices of corporate software.<\/p>\n

But this is, of course, a misperception: the number of detected vulnerabilities generally speaks of the program\u2019s popularity, not quality. You can find bugs anywhere. And most of the time, bugs are discovered where people look for them. A company could get by using some long-forgotten software product just because nobody ever found any vulnerabilities in it. But that would be an unwise strategy: what if someone actually tries and succeeds in discovering a whole load of them right away?<\/p>\n

In a nutshell, it\u2019s not the number of bugs that matters, but how quickly patches for them come out and if they actually fix problems. Quick and regular patching is a good thing. While rare, sporadic releases \u2014 with the vendor trying to pretend that nothing bad has happened \u2014 are a disturbing sign; such software should be avoided.<\/p>\n

Another good thing is when the developer runs a bug bounty program \u2014 even better if the program is open for everyone. A bad thing is a vendor threatening to sue bug hunters (yes, it happens more often than one would imagine), or worse: dragging people to court for reporting vulnerabilities.<\/p>\n

Operating systems<\/h2>\n

But let\u2019s get back to patching prioritization. The obvious candidates for the highest priority are operating systems. All-important OS updates must be installed as quickly as possible. The risk is self-evident: a compromised OS is the key to the rest of the computer\u2019s software.<\/p>\n

So if you use Windows, it\u2019s in your best interests to at least look through the list of Microsoft updates on the second Tuesday of each month<\/a>, and install them ASAP. But you should still follow the news: if a Windows patch comes out on a different date, it should be installed right away.<\/p>\n

Browsers<\/h2>\n

There are several solid reasons to prioritize browser updates. Firstly, browsers account for much of our digital activity these days. Secondly, browsers by definition interact with the internet, so they\u2019re one of the first to be affected by any cyberthreats. Thirdly, attackers spare no effort looking for browser vulnerabilities, often succeed and quickly turn to exploiting them.<\/p>\n

So try to install browser patches pronto. Additionally don\u2019t forget to restart your browser after an update: until you do, the old, vulnerable version remains in use. Keep in mind that your system may have more than one browser installed. They all need timely updates.<\/p>\n

And speaking of multiple browsers, there\u2019s a couple of things to keep in mind:<\/p>\n