What are actually... patches and updates?

It's Tuesday, work is finally over, you can shut down your computer and think about your dinner on the way home, but what is this? Windows is crying out for an update again. Either you stay longer now so as not to waste so much time booting up on Wednesday morning, or you don't. But why are there all these updates?

What happens when I update my system?

Updates and patches are there to close security gaps in the operating system and programmes. They are supposed to prevent the intrusion of malware or ransomware and the exploitation of exploits, but at the same time they can also introduce errors into the system or open up new vulnerabilities. For example, due to an incorrectly blacklisted Windows update server, Sophos's definition update on 5 April 2019 resulted in a notification that a client was trying to send messages to an unauthorised address. The bug was fixed in less than 24 hours, but still worried some clients.

What happens if I don't update my system?

To avoid problems with faulty patches and updates some companies wait with their system updates, this can be of advantage and disadvantage. The advantage is that you don't have any changes in your day-to-day operations because you don't have to learn new features. Another advantage of delayed updates was also seen on 11 April 2019, when an update for Windows 7 triggered a reaction in Sophos Endpoint that caused the system to freeze on boot. Microsoft responded by delaying the update for devices running Sophos Endpoint for the time being. However, the disadvantages are sometimes more costly. The example given at the beginning of the text is called Patch Tuesday and the vulnerabilities and bugs that are secured or fixed with the patch are usually published by the company or are already in the public domain. This measure is taken so that customers have more transparency about their system. However, some criminals use this to make money from companies that have updated their programmes too late. In this way, Patch Tuesday is followed by Exploit Wednesday, when specially crafted exploiter tools attack still unpatched networks and try to plant malware or ransomware in them. These attacks can cause downtime on your computers or in production.

How can I avoid exploit attacks if I no longer receive updates?

In OT, it is very common for operating systems to be more than 10 years old. There are hardly any updates for these systems any more, and with enough technical experience it is usually possible to sneak into the device much too quickly. So that such infrastructures can also continue to be used without problems, many firewall manufacturers not only offer special firewalls for industry, but also flexible endpoint protection.