You Need To Be Familiar With Patching Terminology

You Need To Be Familiar With Patching Terminology

Over the past several months, while watching the news or reading about business and technology, you’ve probably encountered a few words, such as ‘ransomware’ ‘exploit weakness’, and ‘security patch’. These terms are used often, and you may be confused as to what they really mean, and how they relate to you and the security of your business’ data.


In recent months, ransomware attacks like WannaCry and other malware have made headlines, with cyber criminals exploiting weaknesses in networks, application deployments, and operating systems. What is very hard for some people to understand is that often the weaknesses being exploited are known by software developers, who have released security updates known as ‘patches.’

For many small business owners and personal PC users, a better understanding of types of patches, how they work, when they’re released, and how to access them might be all that stands between a hacker and your network. Here are five terms that are associated with the continuous software updates that aim to protect users from data loss or worse.

Patch Tuesday - For those who allow their computer to update and install patches automatically, it might have never really occurred to them that there was a schedule as to when Microsoft released patches. Similar to how new movies are released or video games are launched on specific days of the week, Microsoft releases patches on the second (and sometimes fourth) Tuesday of each month. With newer operating systems and software versions, there might come a time where Patch Tuesday becomes obsolete in favor of a real-time data exchange where software and applications are constantly updated as needed.

Security Patching - This is what most people think of when they think of a patch for a piece of software or an application. It’s a series of data and files that fix or mitigate the threat of a known issue or vulnerability. These are generally what are provided on official patch days, like Patch Tuesday. That is, of course, unless the patch is a zero-day or immediate release, an action usually reserved for major security risks or weaknesses found after they have been exploited.

Hotfix - Sometimes referred to as a ‘Quick-fix Update’ ‘Quick-fix Engineering Update’ or ‘General Distribution Release’, a hotfix is a small patch that fixes a single bug or vulnerability that is significant enough that it should not wait until the next scheduled patch release. Although, Microsoft itself no longer uses the term ‘hotfix’ in an official capacity, the term is still widely used by majority of the industry.

Zero Day Vulnerability - This is a specific type of weakness that is not discovered or disclosed until the hackers are already exploiting it. This is called ‘zero day’ because software developers and advocates have no time - or zero days - to create a patch or develop a work around, leaving both users and developers scrambling to keep data safe.

Whitelisting - As related to malware and ransomware, whitelisting is the process in which a patch or application is declared safe, allowed access to the network, or otherwise approved for a certain network or program. The term ‘whitelist’ comes from the opposite of ‘blacklist’. Made popular during the Cold War, blacklist refers to a list of people or items that are banned, rejected, or labeled in a negative way. Whitelisting was tossed around when so many WannaCry victims had the security patch needed since March. Many establishments were waiting for internal IT departments to test and officially ‘whitelist’ the patch which would allow the installation of the security patch needed to eliminate the vulnerability exploited by the WannaCry ransomware.

Truthfully, there is a lot more to patches than just the five terms above - and the more your business relies on technology the more important proper maintenance of technology - including patches and updates, becomes to your continued success. In the end, working with White Mountain IT Services will help you make sure that your business is always properly updated, with pertinent, whitelisted patches. Call us at 603-889-0800 to learn more.

Related Articles

  • Tip of the Week: How To Put A Table Of Contents In A Google ... If you author a long document, having a table of contents can help your readers get the information they need fast. Here is how to insert a table of contents into a Google Doc. In order to use the Table of Contents feature, you need utilize the preset heading and title formatting option. This can b...
  • Scammers and Skimmers Are a Bad Combination Considering how often hackers target financial credentials like credit card numbers and expiration dates, it’s not surprising that ATMs can provide a wealth of information to them. Hackers are willing to go exceedingly far just to get their hands on these credentials--including physically altering t...
  • Your Employees Can Be One Of Your Biggest Security Risks A surprising number of security issues come from inside your organization. User error on the part of the employee can present major problems for your workflow, data security, and the integrity of your business. User error could be something as simple as an employee clicking on the wrong links when t...
  • Why You Should Pay Attention to Data Security Notifications If you’ve watched the news lately, chances are you’ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it’s difficult not to feel individually victimized by such a breach, it’s important to remember that it’s often not your s...
  • Google Pixel Is First to Come with Zero-Touch Provisioning--... Does your business use Google’s line of Android devices for business purposes? Well, you might be happy to hear about Google’s new zero-touch solution for enterprises for their Pixel line of smartphones. If you provide smartphones for your business’ employees, you know how much of a hassle it is to ...
  • Hackers May Meet Their Match With AI There are many organizations in the world that simply can’t have cybercriminals and hackers interfering with their data. One of these organizations, CERN (whose acronym translates to the European Laboratory for Particle Physics) has far too powerful of a computer grid to allow hackers to access it. ...
With the surge in the number of small and medium businesses that have fallen prey to malware and cyber criminals, there is a lot of focus of what an organization can do to prevent being a victim and how the company should handle themselves after an attack. There is another key factor to preventing cyber criminals from penetrating into your network:...

- Onsite Coverage Area -

Onsite computer support services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH and then down into Boston. From Northern and Central Mass we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

603-889-0800

White Mountain IT Services
33 Main Street Suite 302
Nashua, New Hampshire 03064

 

 padlock1  Cyber Security Toolkit

cloud desktop2 Cloud Desktop Login

Open Positions