As important as patch management is, it can be unwise and even dangerous to apply patches automatically without knowing what they’re for or if you really need them.

Did you know that the most common way cybercriminals get into a network is through loopholes in popular software, applications, and programs? Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes. Due to this, much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.


Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users. This is why it’s imperative that you keep your applications and systems up to date.

Unfortunately, most users find updates to be tedious and time-consuming and often opt to just click “Remind Me Later” instead of sitting through an often-inconvenient update process.

Comprehensive and regular patch management is a crucial part of proper IT security. Some of the worst data breaches stem from “zero-day exploits”, which take advantage of flaws found by hackers but not yet by the developers, leading to severe security risks and an immediate need for patching.

However! It’s equally important to note that you shouldn’t just patch automatically either. As much trouble as you can cause by ignoring vital updates, you can also cause problems by installing every single patch as it’s released.

Case in point: Microsoft’s recent Windows 7 patches have been extremely buggy.

Since the beginning of the year, each monthly Windows 7 patch that Microsoft has released has been problematic, to say the least. This has led to a delay in the release of April’s monthly patch, as Microsoft is still attempting to fix the issues. As per their official write-up on the matter, “Microsoft is working on a resolution and will provide an update in an upcoming release”.

So what kind of issues were introduced through earlier monthly patches for Windows 7?

  • After you install this update, SMB servers may leak memory.
  • A Stop error occurs if this update is applied to a 32-Bit (x86) machine with the Physical Address Extension (PAE) mode disabled.
  • A Stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).
  • A new Ethernet virtual Network Interface Card (vNIC) that has default settings may replace the previously existing vNIC, causing network issues after you apply this update. Any custom settings on the previous vNIC persist in the registry but are unused.
  • IP address settings are lost after you apply this update.

Whereas the memory leak bug was first noticed in the January Windows 7 patch, the other bugs were all introduced in the March series of Windows 7 patches.

Beyond the absence of a fix for these problems, which Microsoft has been dealing with for a month, they also sent out a patch for another bug. This time, it was a patch to fix a bug introduced by another patch for Internet Explorer. The specifics for the patch in question, KB 4089187, are as follows:

Once you have installed this update, security settings in some organizations that are running Windows 7 SP1 or Windows Server 2008 R2 may prevent Internet Explorer 11 from starting because of an invalid SHA1 certificate.

In order to fix the problem, use one of the following methods:

However, if you’re unsure of how to go about manually whitelisting an SHA1 certificate, you can instead simply run the patch released on Friday, March 23 (KB 4089187). Note that this patch only applies to Internet Explorer 11 running on Windows 7 (and Server 2008 R2).

As you can see, patch management is not quite as simple as some may lead you to believe. It’s dangerous to ignore patches, and it’s reckless to install each and every patch made available to you. In order to maintain a secure IT environment, you either have to ensure your staff is staying on top of all incoming patches, or better yet, you need to work with a reliable IT Managed Services Provider like Menark Technologies to take care of it for you. Otherwise, your team needs to do the work of researching and understanding each patch, what it’s meant to do, and what problems it could cause for you. Why bother taking that on when you can get the Menark team to do it for you?

To learn more about intelligent update and patch management, contact Menark Technologies at (866) 339-0959 or info@menark.com.

Published By: Scott Clarke on April 20th, 2018