In IT circles, the second Tuesday of each month has a name and a purpose. Patch Tuesday is when Microsoft and other software developers release a new set of security patches. As has been mentioned many times on this site, regular patching is vital to maintaining system uptime and protecting critical data.
Microsoft is at the center of Patch Tuesday so let’s take a look at this month’s updates from the software giant. For July 2018, Microsoft released patches addressing 53 vulnerabilities of which 17 are deemed “critical” and 16 of the critical vulnerabilities affect the Edge and Internet Explorer browsers.
The patch lists refer to a set of vulnerabilities which are also called CVE’s (Common Vulnerabilities and Exposures). CVE’s are tracked in an online database that is used by both the public and private sectors to share information.
The browser vulnerabilities are higher priority for any computer that is regularly used to browse the internet or check email. That also includes servers which are used by remote users to browse or check email.
Microsoft isn’t the only company participating in Patch Tuesday releases. Adobe products Acrobat, Reader, and Flash all have vulnerabilities (over 50) that are being addressed. This will likely require a reinstall of some products.
Finally, Apple may not follow the strict protocol for Patch Tuesday (some updates were released on a Monday) but they are definitely following the spirit of Patch Tuesday by releasing a laundry list of updates for products across the board.
How a small business manages and implements these patches is critical to the IT health of the organization. Remember, it was an unpatched system that allowed the Equifax breach to occur. Those same issues apply to small business as to the largest corporations. Everyone is a target and that isn’t going to change. An IT strategy needs to incorporate a proactive patch plan – IT just can’t wait for security.