Application patching refers to applying updates to software applications. It is absolutely critical for ensuring system security and must be done as soon as practicable. Time is key with patching: it is ideal to apply patches within 48 hours of release from the relevant software provider or vendor. When installing new applications, always use the latest version, which typically includes the latest patches. For some vendor applications, upgrading to the latest version is the only way to patch a security vulnerability, and in most cases this is the preferred approach to managing the ongoing task of patching your applications.
Note: To maintain visibility of what software requires patching, keep a consistently up-to-date inventory of the software installed on every computer, especially devices that might only occasionally connect to the organisation’s network, such as spare or older machines, field laptops and handheld data capture devices.
In the SECMON1 blog post ‘Security Overview – Information Security Essentials’, we spoke about what application patching is and why it is an essential security measure.
In this document, we provide some basic application patching steps for the most consistently vulnerable applications (Microsoft, Adobe and web browsers), as well as some interesting and important links where you can educate yourself further on this topic and identify what other options are available to you.