Patching Applications
A patch is a software update consisting of code inserted (or patched) into the code of an executable program to update, fix or improve the software. This includes fixing security vulnerabilities. Applying patches to applications is critical to ensuring the security of systems and mitigating the risk of exploitation of vulnerabilities within networks and systems.
Recommendation – Patching Applications and Operating Systems
It is recommended that the organisation replaces or updates applications, operating systems or hardware that no longer receive security updates or patches from the vendor with supported alternatives.
It is recommended that the organisation applies patches within one month of the patch being released by a vendor.
Built-in automatic updates alone do not satisfy this control; verification of the installation status (manually or automatically) is recommended.
Implementation Outcome
Security vulnerabilities in applications and drivers assessed as extreme risk are patched, updated or mitigated within one month of the security vulnerabilities being identified by vendors, independent third parties, system managers or users. Applications that are no longer supported by vendors with patches or updates for security vulnerabilities are updated or replaced with vendor-supported versions. Application control is implemented on all servers to restrict the execution of executables to an approved set.