The vulnerability was published on 12/11/2019 and a patch was released shortly after. However, somebody did not apply the patch to this sensitive government server.
Still, we hear so many IT people are fearful of their “downtime-intolerant” management, causing them to postpone (or completely stop) updates to their critical systems. Yes, it is true, on rare occasions, patches do break systems. Therefore testing new patches is essential. Some organizations perform testing for 2-3 weeks, some longer. But delaying it for three years?
4 Reasons Not to Delay Patching
Overall, delaying patching can have serious consequences for the security, performance, and compliance of systems and organizations. It is important to prioritize patching and stay up-to-date with the latest updates and fixes to ensure the safety and reliability of your systems. Otherwise, you may run into one or more of these issues:
- Security vulnerabilities: Delaying patching can leave systems exposed to security vulnerabilities, which can be exploited by cybercriminals to compromise the security of the system and steal sensitive information.
- Malware and cyberattacks: Vulnerable systems are a prime target for malware and cyberattacks, such as ransomware and viruses, which can cause significant damage to the system and compromise the data stored on it.
- Compliance: Many industries and organizations are required by law or regulation to maintain a certain level of security and compliance. Delaying patching can result in non-compliance, which can lead to legal and financial penalties.
- System performance: Unpatched systems can experience degraded performance and stability due to bugs and issues that have not been addressed. This can lead to downtime and lost productivity.
3 Mitigation Actions Recommended by CISA
No surprise that CISA came up with these three now very obvious recommended mitigation actions:
- Implement a patch management solution to ensure compliance with the latest security patches.
- Validate output from patch management and vulnerability scanning against running services to check for discrepancies and account for all services.
- Limit service accounts to the minimum permissions necessary to run services.
Here at Action1, we provide a risk-based patch management solution for distributed work-from-anywhere organizations. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single cloud-native solution to prevent security breaches and ransomware attacks. It automates patching of third-party applications, patching of operating systems, drivers, and firmware, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.