Sunday, September 27, 2015

Patching

Microsoft releases patches on Patch Tuesday, many attackers go to work. They
read as much as they can about the patches, download them, and analyze them. They often attempt to
reverse engineer the patches to determine exactly what the patch is fixing.
Next, the attackers write their own code to exploit the vulnerability on unpatched systems. They
often have exploits attacking systems the very next day—Exploit Wednesday. Because many
organizations take more than a single day to test the patch before applying it, this gives the attackers
time to attack unpatched systems. For organizations without a patch management program, it gives
attackers much longer to attack unpatched systems.
Additionally, some attackers discover unknown exploits before Patch Tuesday. They recognize
that Microsoft will be releasing patches on the second Tuesday of the month, so they wait until the
second Wednesday before launching major attacks to exploit the vulnerability. Unless Microsoft
releases an out-of-band patch, this gives them a full month to exploit systems before a patch is
available.

No comments:

Post a Comment