Patching of Operating Systems
A patch is a software update consisting of code inserted (or "patched") into the code of an operating system to update, fix or improve the platform, including the fixing of security vulnerabilities. Applying patches to operating systems is critical to ensuring the security of an ICT environment and to mitigating the risk of exploitation of vulnerabilities within networks and systems.
Recommendation – Patching Applications and Operating Systems
It is recommended that the organisation replaces or updates applications, operating systems or hardware that are no longer supported by the vendor through security updates or patches with supported alternatives.
It is recommended that the organisation applies patches within one month of the patch being released by a vendor.
Built-in automatic updates alone do not satisfy this control; verification of the installation status (manually or automatically) is recommended.
Implementation Outcome
Security vulnerabilities in operating systems and firmware assessed as extreme risk are patched, updated or mitigated within one month of the security vulnerabilities being identified by vendors, independent third parties, system managers or users. Operating systems for workstations, servers and ICT equipment that are no longer supported by vendors with patches or updates for security vulnerabilities are updated or replaced with vendor-supported versions.
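The verification step that the recommendation asks for (confirming installation status rather than trusting automatic updates, and confirming it within the one-month window) can be expressed as a simple compliance check over an asset inventory. The script below is an added example written for this page, not part of the original document or any vendor tool. It assumes a constructed inventory export (host, operating system, whether the vendor still supports it, and the date each patch was installed), placeholder patch identifiers, and a 30-day reading of "one month"; all of these are assumptions, not values from the page.

```python
from datetime import date, timedelta

# Assumption: "within one month" is read as 30 days from the vendor release date.
PATCH_WINDOW = timedelta(days=30)

# Constructed sample data: vendor release dates keyed by placeholder patch ids.
# These identifiers are illustrative only and do not refer to real advisories.
PATCH_RELEASES = {
    "PATCH-2024-001": date(2024, 1, 5),
    "PATCH-2024-002": date(2024, 1, 20),
    "PATCH-2024-003": date(2024, 2, 10),
}

# Constructed sample inventory, shaped like an asset-register or endpoint-agent
# export: one record per host with the install date of each patch it has.
INVENTORY = [
    {"host": "ws-01", "os": "ExampleOS 11", "vendor_supported": True,
     "installed": {"PATCH-2024-001": date(2024, 1, 8),
                   "PATCH-2024-002": date(2024, 1, 25),
                   "PATCH-2024-003": date(2024, 2, 12)}},
    {"host": "ws-02", "os": "ExampleOS 11", "vendor_supported": True,
     "installed": {"PATCH-2024-001": date(2024, 1, 8),
                   "PATCH-2024-002": date(2024, 2, 25),   # installed after the window
                   "PATCH-2024-003": date(2024, 2, 12)}},
    {"host": "srv-01", "os": "ExampleOS 11", "vendor_supported": True,
     "installed": {"PATCH-2024-001": date(2024, 1, 8)}},  # two patches missing
    {"host": "srv-02", "os": "ExampleOS 9", "vendor_supported": False,
     "installed": {}},                                     # unsupported platform
]


def assess_host(record, releases, today):
    """Return a list of findings for one host.

    Finding kinds:
      ("unsupported_os", os)        platform no longer receives vendor patches
      ("overdue", patch_id, days)   not installed and the window has passed
      ("pending", patch_id, days)   not installed but still inside the window
      ("late", patch_id, days)      installed, but after the window closed
    """
    findings = []
    if not record["vendor_supported"]:
        # Per the control, an unsupported platform must be updated or replaced;
        # checking individual patches on it is moot.
        findings.append(("unsupported_os", record["os"]))
        return findings
    for patch_id, released in releases.items():
        deadline = released + PATCH_WINDOW
        installed_on = record["installed"].get(patch_id)
        if installed_on is None:
            if today > deadline:
                findings.append(("overdue", patch_id, (today - deadline).days))
            else:
                findings.append(("pending", patch_id, (deadline - today).days))
        elif installed_on > deadline:
            findings.append(("late", patch_id, (installed_on - deadline).days))
    return findings


def assess_inventory(inventory, releases, today):
    """Map each host name to its list of findings."""
    return {r["host"]: assess_host(r, releases, today) for r in inventory}


def non_compliant_hosts(report):
    """Hosts with any finding other than a patch that is still within its window."""
    return sorted(host for host, findings in report.items()
                  if any(f[0] != "pending" for f in findings))


if __name__ == "__main__":
    # Fixed "today" so the sample output is reproducible.
    report = assess_inventory(INVENTORY, PATCH_RELEASES, date(2024, 3, 1))
    for host, findings in report.items():
        print(host, findings or "compliant")
    print("non-compliant:", non_compliant_hosts(report))
```

Running the check against a real environment means replacing the two constructed dictionaries with an export from the patch-management system and the vendor's release feed; the "late" finding is the one automatic-update mechanisms rarely surface on their own, since the patch is present but the one-month outcome was still missed.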