![]() Security updates start with the letters KB and refer to a specific Knowledge Base article each KB contains a number of updates and patches. Knowledge Base (KB) – Microsoft KBs are a repository of articles describing issues affecting Windows and other Microsoft products. This predictable update cycle has been the centerpiece of vulnerability management programs for almost 20 years, allowing users to build routines around patching Microsoft vulnerabilities. ![]() Patch Tuesday – Since October 2003, Microsoft has published security updates across its product lines on the second Tuesday of every month, known as Patch Tuesday. Glossaryīefore we dig into the specifics of what we found, it’s important to understand some terminology. We will describe these challenges and walk through the journey of collecting data from different sources, building a dependency flow of updates, and eventually listing all remaining vulnerabilities on a host based on the list of installed updates. In other words, to determine which vulnerabilities are resolved given a list of installed patches.ĭuring our research we found this task difficult because of different complexities in the Microsoft update process. In these cases, IT administrators will still want to know based on the installed updates on a host, what vulnerabilities remain unpatched. For example, industrial networks are often not managed, and are isolated from the online update services, meaning that many computers are left unpatched and vulnerable. However, there are many environments in which that is not the case. That means most users are safe because they have an up-to-date version of Windows. Microsoft uses its monthly Patch Tuesday updates to automatically secure many Windows devices from those vulnerabilities. That makes Microsoft’s Windows operating system - the leading desktop operating system by market share - a high-profile target, with a constant stream of vulnerabilities published regularly. This happens at an even faster pace in popular platforms that are appealing to researchers and attackers alike. Security vulnerabilities are regularly published by the dozens, and software vendors are in a constant race to issue updates that patch or mitigate them.
0 Comments
Leave a Reply. |