Cal Poly Pomona

System Patching - When is the right time?


It seems like various software vendors release patches several times a month for their particular brand of software. One week, it's Microsoft. The next week, it's Oracle. The next, it's Adobe. How can you keep up?

Most software vendors publish a monthly patch schedule during which they release updates to their software. These releases are usually publicized in advance so that system administrators and users can decide which patches they need to apply.

But once you have the list of patches, how do you decide which ones you really need to apply? An easy way to prioritize patches is to determine how important a given patch is and what the impact of not applying it might be.

Patches fall into four categories:

  1. Critical
  2. High
  3. Medium
  4. Low

Critical Patch

A patch rated Critical by the vendor of the software is a security-oriented patch. The vulnerability that the patch addresses can be exploited remotely - over the network or Internet. Exploits for the vulnerability have been seen and there is a real danger of compromise. Failure to apply a patch like this can result in a hacked system and a loss of data or personal information. You should apply the patch immediately.

High Patch

A patch that is rated High is also a security-oriented patch. All the conditions that make a patch Critical also make it High except that there is no evidence of exploits existing for the vulnerability. Failure to apply a High importance patch can result in a hacked system and a loss of data or personal information in the near future if an exploit is released. You should apply the patch as soon as possible.

Medium Patch

Medium patches are also security-oriented patches, but these types of patches only address vulnerabilities that can be exploited locally - an attacker needs to have local access to the machine. In other words, the attacker needs to be sitting in front of the machine. While vulnerabilities like this are significant, especially in an open environment such as a university, they are not as critical as millions of people on the Internet having access to a flaw in your system. Failure to patch a Medium vulnerability can result in a compromised system and loss of information. However, the chances of a breach are much lower than those of a Critical or High vulnerability. You should apply this patch when convenient.

Low Patch

Finally, patches of a Low priority encompass all other types of patches. The software vendor has stated that the patch is not a security-oriented patch (it might add new functions to a program, for example); it does not address any kind of vulnerability and it does not have a severity rating. Applying a Low priority patch allows you to experience the latest features of the product. You can choose whether or not to apply the patch, depending on your need for the new features.
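The four categories can be applied as a repeatable triage step over a month's patch list. The Python below is an added example, not part of the original article or any vendor's tooling; the field names and the sample bulletin are constructed. It assumes that an attribute the vendor does not state is treated as the worse case, and that a locally exploitable flaw stays Medium even when an exploit exists.

```python
from dataclasses import dataclass
from typing import Optional

# Categories and actions, most urgent first (actions summarise the article's wording).
ACTIONS = {
    "Critical": "apply immediately",
    "High": "apply as soon as possible",
    "Medium": "apply when convenient",
    "Low": "optional, apply if you need the new features",
}
ORDER = list(ACTIONS)

@dataclass(frozen=True)
class Patch:
    name: str                            # constructed identifier, not a real bulletin ID
    security: bool                       # vendor says it fixes a vulnerability
    remote: Optional[bool] = None        # exploitable over the network? None = not stated
    exploit_seen: Optional[bool] = None  # exploits observed? None = not stated

def classify(p: Patch) -> str:
    if not p.security:
        return "Low"
    # Assumption: a missing answer is treated as the worse case.
    remote = True if p.remote is None else p.remote
    exploit_seen = True if p.exploit_seen is None else p.exploit_seen
    if not remote:
        # Assumption: local-only stays Medium even when an exploit exists.
        return "Medium"
    return "Critical" if exploit_seen else "High"

def work_queue(patches):
    """Return (category, name, action) tuples, most urgent first."""
    ranked = sorted(patches, key=lambda p: (ORDER.index(classify(p)), p.name))
    return [(classify(p), p.name, ACTIONS[classify(p)]) for p in ranked]

# Constructed sample bulletin for illustration.
BULLETIN = [
    Patch("viewer-feature-update", security=False),
    Patch("db-listener-fix", security=True, remote=True, exploit_seen=False),
    Patch("local-privilege-fix", security=True, remote=False, exploit_seen=True),
    Patch("mail-client-fix", security=True, remote=True, exploit_seen=True),
    Patch("browser-plugin-fix", security=True, remote=True),  # exploit status not stated
]

if __name__ == "__main__":
    for category, name, action in work_queue(BULLETIN):
        print(f"{category:8} {name:24} {action}")
```
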

If you are unsure or have further questions, the I&IT Help Desk can assist you in applying these priorities to patches for your systems.
