Bad Patching is Giving Hackers a Field Day

Patching is supposed to keep our data secure. However, bad patching may be giving businesses a false sense of security and giving hackers a field day. People assume that when a software vendor issues a security update to fix a vulnerability, the problem has been taken care of. Unfortunately, far too often, this simply isn’t true. In fact, insufficient research and a limited patching effort may lead to further security issues and other potential exploits that hackers can easily take advantage of.


Research from Google’s Project Zero hacking team demonstrates that one in four zero-day exploits were related to previously patched vulnerabilities. The exploits could have been avoided with more thorough research and a more detailed patching process. This is good news and bad news. On a positive note, it highlights the many exploits that could be avoided by simply paying more attention to patching. The bad news is that there are still vulnerabilities out there that should have already been taken care of.


In some cases, after patches were implemented, attackers only needed to change a line or two of code to bypass the new security. Sloppy patching is too often focused on the symptom of an exploit, instead of a core vulnerability in the code. A more comprehensive approach to software security needs to be worked into the patching process to avoid temporary fixes that leave our data vulnerable.
