Get Your Patch Tuesday Vulnerabilities Patched on Tuesday
2022-11-9 01:12:21 Author: blog.qualys.com(查看原文) 阅读量:17 收藏

Every IT person is familiar with Patch Tuesdays. It’s the time of the month where IT needs to put their daily work aside and prepare for patching their entire IT environment.

However, for many organizations Patch Tuesday is not a single event that occurs as an isolated point in time. It typically weeks – sometimes months – after Patch Tuesday and can take an extended timeframe to get the assets updated. There are many reasons why timeframes are protracted, the most common being the time it takes IT to research all new patches and create all the necessary processes to test and deploy them to production across the organization.

Based on Qualys Threat Research Unit, it takes on average 12 days for a vulnerability to get weaponized. While threat actors can start exploiting the vulnerability as soon as it is released, being weaponized means, someone published a tool that exploits the vulnerability, and it now becomes much easier for others to access and exploit it. Qualys Threat Research Unit’s data also shows that on average, those vulnerabilities are patched 36 days after the vulnerability was released. This leaves 24 days for adversaries to exploit those unpatched vulnerabilities! Only 2.2% of vulnerabilities are weaponized, however, Microsoft Windows makes up most targets for weaponized vulnerabilities.

The above further illustrates the need to address vulnerabilities released as part of Patch Tuesday sooner rather than later.

What if you could patch on Patch Tuesday?

As Patch Tuesday is a recurring and predictable event, this means that automation can play a key role in simplifying the process but more importantly saves time for the IT team by ensuring patches can be deployed faster and with less IT work involved.

Qualys Patch Tuesday zero-touch, automation allows IT to create automated patch jobs that will automate the testing and deployment of new patches released in patch Tuesday – on Tuesday.

Once the automation policy is created, the task becomes “Zero Touch” – i.e. IT and security teams do not need to invest more time in testing and deploying patches released on Patch Tuesday. Leveraging the power of automation, customers can test and deploy new patches as soon as they are released.

Expand Patch Tuesday to This Month in Vulnerabilities and Patches

Organizations invest time in patching to fix vulnerabilities in their environment. As such, organizations find it beneficial to leverage Patch Tuesday as a triggering event to deploy not only Microsoft patches but also to patch other key vulnerabilities released in the month since the last Patch Tuesday.

With every Patch Tuesday, the Qualys research team is analyzing all the Microsoft newly released vulnerabilities but also the past month’s vulnerabilities from all other vendors. Based on its analysis the research team identifies the key, most critical vulnerabilities released in the last month and shares this information with our customers.

Qualys customers can leverage those insights and either manually or automatically create patch jobs to fix not only the latest Microsoft Patch Tuesday vulnerabilities but also the key vulnerabilities identified by the research team on many 3rd-party applications. Qualys Cloud agent’s ability to deploy patches to any device, anywhere, regardless of its location, without the need to package or prepare the patches allows customers to respond to all vulnerabilities released on and before Patch Tuesday on Tuesday, and not extend this effort over a protracted period. Adding all those patches to the same “patch job” ensures end users and servers do not need to be rebooted multiple times, improving the uptime of critical servers as well as the “well-being” of the end users.

Join our monthly, “This Month in Vulnerabilities and Patches” webinar to learn from our lead researchers about last month’s vulnerabilities including this month’s latest Patch Tuesday ones.


文章来源: https://blog.qualys.com/vulnerabilities-threat-research/2022/11/08/get-your-patch-tuesday-vulnerabilities-patched-on-tuesday
如有侵权请联系:admin#unsafe.sh