In this post, I will try to convey to readers the importance of keeping a system updated, as well as the security challenges that can arise in the process. I must mention that this process differs greatly between a private user's personal computer, where it is enough to turn on automatic updates, and large corporate networks, where each update must first be tested before it is released into the production environment.
Do you need to start the system update?
The answer is always YES! Of course, there are special situations where this answer is not appropriate, but the answer to that question is almost always positive. By not updating the operating system and the programs installed on the computer, we leave ourselves vulnerable to many flaws that a malicious user (a hacker) can use against us. For this reason, if a system update is possible, it should be done as often as possible, and the system should be kept at the level of the latest update released by the manufacturer.
Zero (0) day
For anyone not familiar with the subject, I just want to point out what exactly is meant by the term zero day. It is a flaw that is not known to the software manufacturer or to the companies involved in protection. When the manufacturer finds out about such a flaw, it immediately makes a patch that corrects the observed shortcoming. However, there is the question of who learned that a zero day exists, and when. This is especially important because there is a large number of stores on the Darknet where such zero day information is traded. Unfortunately, the buyers are themselves governments of certain countries or spy agencies. The value of such information can be up to 500,000 Euros if it is a zero day that can be used on a large number of computers and if the consequence is taking over control of the computer. Lately there has often been information in the media about an unknown group, the Shadow Brokers, that publishes various information about the NSA's spy operations; a week ago it was published that there is an already known zero day flaw that can be used on most modern Windows operating systems and for which Microsoft has not released a patch for some time, just because the NSA has been using it for its operations for some time. There is much speculation on this subject, as well as about the Shadow Brokers group, which many consider to be not a group of hackers but insiders working for the NSA who want to disclose various information and operations for some higher interest. This is not the topic of this post, so I will not deal with it in more detail, but you can soon expect a post with my opinion on this topic.
How did it used to be?
Back in the days of Windows 2000 and other server operating systems, the rule among experienced administrators was that a Service Pack (SP) was not installed on a server system until SP3 had come out, which was acceptable then. This is no longer the case, because such behavior would expose many to unnecessary security risks.
How is it done today?
In some cases, the system update should be done the same day the update is released, precisely because such an update closes the possibility of exploiting some zero day bugs. Today, it is completely unacceptable not to run an update, except in special conditions such as special-purpose computers that are difficult to obtain and very specific, such as computers running SCADA, where today we can still see a large number of Windows XP systems for which there is no longer technical support. Of course, we have to consider that such computers are off the Internet and have special connections, so it is very difficult to reach them unless someone physically gets to such a computer, and therefore their exposure to attacks is drastically reduced.
What can go wrong?
There may be a compatibility issue with certain devices or drivers. Also, certain applications may not be able to run, or will not work normally, after the system is upgraded. What Microsoft has started to do is release an update on the 14th of every month that includes a larger number of patches, rather than releasing them one at a time. This move is a direct consequence of each patch being tested for some time before it is officially published. What is worrying is that certain security issues may go unpatched for a few months even though they are known, or, to be more precise, even though the software manufacturer knows about them. Such a move can leave an extremely large number of both private and business users exposed for a period of vulnerability, which, you will agree, is not very good.