With the propagation of the Wanna ransomware attack that spread to computers that had not been updated, the infestation reinforced the importance of keeping your systems up to date. Simply applying the Microsoft patch MS17-010 is enough to protect against the EternalBlue exploit that enabled the rapid spread of the Wanna ransomware attack, and it was available for weeks before the attacks. Given that information on how easy it is to stay safe, why were so many people affected?
The answer is those affected did not have an effective policy in place to ensure that their systems were all running the latest versions of software. By simply keeping your hardware and software up to date with the latest releases from the manufacture, you can ensure that you are not vulnerable to attack by such exploits.
“Patch Tuesday” (aka Update Tuesday) is the unofficial term used to reference the day of the week when Microsoft releases security patches for their software products. Updates are released on the 2nd Tuesday of each month from Microsoft to customers who choose to distribute the updates themselves.
Other companies have followed suit and schedule the install of their security updates to coincide with Patch Tuesdays. Since November 2012, Adobe schedules updates to their Flash Player to release on Patch Tuesday. The main reason for this schedule is that Flash Player comes as part of Windows, and Flash Player updates need to be published at the same time to prevent reverse engineering.
Many exploitation events have been experienced shortly after the release of a new update. Black hats will study what vulnerabilities the patch resolves, then immediately take advantage of the exploit which remains within unpatched systems. For this reason, the term “Exploit Wednesday” was coined.
So, when should you schedule your updates? Given that the patches are released on Tuesdays, it makes sense to set your systems to update on Wednesday, right? WRONG, Wednesday is NOT the day you want to install fresh releases from Microsoft. Of course, following the habits I spoke of in this earlier article, make sure your systems are backed up before applying systems patches.
Ask any experienced IT Engineer and they can tell you a story of being stung by Patch Tuesday. The pain comes when a vulnerability fix is released that causes an interruption of service. The patch worked well when the vendor tested it in their environment, but the patch ends up causing issues with systems in production. My most recent experience of this was in early on 2016 when a patch came out on a Tuesday after we had performed a major overhaul of the server infrastructure the previous weekend. That Wednesday, employees could not connect to their email, and we had made no changes since the weekend. After taking the time to reassess our work, it was discovered that an employee at the client site had approved a newly released patch for the server on Wednesday morning that caused a network failure. When we uninstalled the update, normal operations resumed.
Whenever a bad patch is released, the vendor scramble to deploy another update to fix the issue and that work usually occurs on Wednesday. By Thursday, the vendor has made the update available to the public, and by Friday, we can tell if the latest release regains stability of our systems. All that to say, the best days to schedule the approval of patches are Saturday and Sunday. This allows updates to run at a time when computers will most likely not be in use and ensures that any issue with a release has been resolved. We recommend to schedule updates at an off hour such as 2:00am. This allows the updates to automatically download, install when downloaded, and restart when completed. This is the least intrusive way to install your updates and minimizes disruption to your organization. If you require the manual install of updates, you should choose Monday to approve updates.
Here are some basic rules of applying updates to a system:
- Identify patches that are available,
- Identify patches that are applicable,
- Identify patches that are needed,
- Install only the patches that are necessary.
The best way to keep track of necessary updates is to monitor security sites for announcements of patches from sources such as SANS, National Vulnerability Database, etc.
Even better, have an IT support company such as Advanced Systems Solutions as your partner to act as your IT Security Officer and provide a fresh prospective to your operations and keep you up to date of potential security issues.
If you would like to see how effective your patching procedures are, contact Advanced Systems Solutions and mention this article to receive a free month of monitoring of your servers or workstations to determine if you are staying current with the latest security patches.
Disclaimer: The above information is not intended as technical advice. Additional facts or future developments may affect subjects contained herein. Seek the advice of an IT Professional before acting or relying upon any information in this communiqué.
