Patch Management

Patch Management is a component of an effective Vulnerability Management and Configuration Management program. The main objective of the Patch Management process is to ensure systems and devices are free of vulnerabilities, to meet the organization's standards and to protect sensitive information. The process should have consistent procedures to ensure timely deployment of patches after vendor release. One of the most common threats to systems and devices is an unpatched system, which malicious users can exploit to gain unauthorized access to vulnerable systems, applications and eventually sensitive data.

An effective Patch Management process should start with documented Policy and Procedures, agreed to by management, that include:
  • Defined roles responsible for testing, certifying and deploying new patches, OS upgrades and/or configuration management
  • Timely review and download of patches to address vulnerabilities (e.g. use of a subscription service from the patch vendor)
  • A risk-based approach to deploying patches within agreed timelines to meet business Service Level Agreements (e.g. critical patches deployed within 30 days after vendor patch release; more critical systems remediated in 7 days)
  • Periodic vulnerability scans of the environment to identify vulnerabilities that will need to be patched and remediated (recommended at least every 7 days but no more than 30 days)
  • Agreement from the business on pre-defined maintenance windows to deploy patches, OS upgrades, password changes or other system maintenance activities to maintain security and availability
  • Separation of non-production from production systems (patches are tested in non-production to ensure they will not impact system/application availability in production)

For years, organizations have implemented effective patch management processes for systems (especially Windows OS patches). However, the ever-increasing number of applications increases the complexity and number of application vulnerabilities, and applications are easier targets for hackers.

It's important to have effective asset management and configuration management processes in place to ensure standard configurations are maintained and only authorized applications are installed on systems. Installing only authorized applications makes it easier to manage currency and patch release schedules. It also better ensures patches can be tested and successfully applied to already tested/certified applications and configurations. Telecom, Network, Appliances and other "devices" are also extremely important to patch and maintain.

Maintenance windows and schedules should also be implemented to better enable the patching process to keep those devices vulnerability free. If devices are managed by a third party, contracts should be in place to ensure those devices are patched by the third party to meet the organization's policies. Evidence of compliant systems and applications should be provided to the organization as needed or as part of an independent Third Party security assessment process.

Topic Category
Application Security
News Articles
Samsung Patches Six Critical Bugs in Flagship Handsets (threatpost.com, 5/14/2018)
Half a million pacemakers need a security patch (nakedsecurity.sophos.com, 5/4/2018)
Single single-sign-on SNAFU threatens three Cisco
Microsoft patches patch for Meltdown bug patch: Windows 7, Server 2008 rushed an emergency
Researchers find critical flaws in SecurEnvoy SecurMail, patch now! (www.helpnetsecurity.com, 3/13/2018)
Intel Issues Updated Spectre Firmware Fixes For Newer Processors (threatpost.com, 2/21/2018)
Dell EMC plugs critical bugs in VMAX enterprise storage offerings (www.helpnetsecurity.com, 2/16/2018)
Microsoft releases emergency Windows update to hamstring earlier 'Spectre' defense (www.computerworld.com, 1/29/2018)
Windows Meltdown and Spectre patches: Now Microsoft blocks security updates for some AMD based PCs (www.zdnet.com, 1/9/2018)
IBM melts down fixing Meltdown as processes and patches
Sole Equifax security worker at fault for failed patch, says former
Netgear Fixes 50 Vulnerabilities in Routers, Switches, NAS Devices (threatpost.com, 10/2/2017)
Behind the Masq: Yet more DNS, and DHCP, vulnerabilities (security.googleblog.com, 10/2/2017)
Manchester plod still running 1,500 XP
Ransomware Strikes Kiosks at South Korean LG Service Centers (www.tripwire.com, 8/17/2017)
How the CopyCat malware infected Android devices around the world (blog.checkpoint.com, 7/6/2017)
SANS Institute Survey Finds ICS Security Risks Continue to Rise and Evolve (www.prnewswire.com, 7/5/2017)
Kaspersky Patches Flaws in Anti-Virus for Linux File Server (www.securityweek.com, 6/29/2017)
The Stack Clash (blog.qualys.com, 6/19/2017)
ASUS Patches RT Router Vulnerabilities (threatpost.com, 5/11/2017)
Users tell Microsoft to scrap 'pain in butt' Security Update Guide, bring back old bulletins (www.zdnet.com, 4/25/2017)
Script kiddies pwn 1000s of Windows boxes using leaked NSA hack
Microsoft confirms it's patched most of the NSA's Windows exploits (www.computerworld.com, 4/17/2017)
Microsoft fixes 45 flaws, including three actively exploited vulnerabilities (www.networkworld.com, 4/12/2017)
SAP closes critical vulnerability affecting TREX (www.helpnetsecurity.com, 4/12/2017)
Adobe Releases Security
Apache Struts 2 exploit allows ransomware on servers (www.computerworld.com, 4/6/2017)
Apple Releases Security Update for iOS (10.3.1)
Windows zero-day affects 600,000 older servers, but likely won't be patched (www.zdnet.com, 3/30/2017)
VMware Patches Flaws Disclosed at Pwn2Own (www.securityweek.com, 3/29/2017)
Ransom scam exploits Apple iOS Safari flaw to target porn viewers (www.zdnet.com, 3/28/2017)
Apple Releases Multiple Security
Apple Updates iTunes to Patch SQLite, Expat Flaws (www.securityweek.com, 3/27/2017)
Lack of security patching leaves mobile users exposed (www.helpnetsecurity.com, 3/24/2017)
Java and Flash top list of most outdated programs on users’ PCs (www.helpnetsecurity.com, 3/23/2017)
Cisco Releases Security
Cisco security advisory dump finds 20 warnings, 2 critical (www.networkworld.com, 3/16/2017)
Another Old Flaw Patched in Linux Kernel (www.securityweek.com, 3/16/2017)
Massive Microsoft Patch Tuesday Security Update for March (blog.qualys.com, 3/14/2017)
Microsoft stays security bulletins' termination (www.computerworld.com, 3/14/2017)
Adobe Releases Security Updates (APSB17-07 and APSB17-08)
Hackers exploit Apache Struts vulnerability to compromise corporate web servers (www.computerworld.com, 3/9/2017)
Google Releases Security Update for
D-Link Patches Serious Flaws in DGS-1510 Switches (www.securityweek.com, 2/24/2017)
CloudFlare Patched Parser Bug that Leaked Private Information (www.tripwire.com, 2/24/2017)
Microsoft pushes out patches for critical Flash Player vulnerabilities (www.helpnetsecurity.com, 2/22/2017)
OpenSSL Update Fixes High-Severity DoS Vulnerability (threatpost.com, 2/21/2017)
OpenSSL Releases Security
Adobe Releases Security
Cisco Releases Security
Microsoft shelves all February security updates (www.computerworld.com, 2/14/2017)
Recent WordPress vulnerability used to deface 1.5 million pages (www.networkworld.com, 2/10/2017)
ISC Releases Security Updates for
Cisco starts patching critical flaw in WebEx browser extension (www.computerworld.com, 1/27/2017)
Cisco Releases Security
Google Releases Security Updates for Chrome (56.0.2924.76)
Firefox 51 starts flagging HTTP login pages as insecure (www.helpnetsecurity.com, 1/25/2017)
Apple quashes bugs in iOS, macOS and Safari (www.computerworld.com, 1/23/2017)
Oracle's monster security update: 270 fixes and over 100 remotely exploitable flaws (www.zdnet.com, 1/18/2017)
New RIG Campaign Distributes Cerber Ransomware (www.securityweek.com, 1/15/2017)
Microsoft slates end to security bulletins in February (www.computerworld.com, 1/13/2017)
ISC Releases Security Updates for
Microsoft Releases January 2017 Security
Adobe Releases Security Updates (APSB17-01 and APSB17-02)
Malware uses denial-of-service attack in attempt to crash Macs (www.zdnet.com, 1/6/2017)
Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm (threatpost.com, 1/4/2017)
PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities (threatpost.com, 12/29/2016)
Mozilla Releases Security Update (Thunderbird 45.6)
VMware removes hard-coded root access key from vSphere Data Protection (www.networkworld.com, 12/21/2016)
Serious Ubuntu Linux desktop bugs found and fixed (www.zdnet.com, 12/18/2016)
Microsoft Releases December 2016 Security Bulletin (MS16-144 through MS16-155)
Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack (threatpost.com, 12/13/2016)
Netgear starts patching routers affected by a critical flaw (www.computerworld.com, 12/13/2016)
Apple Fixes 12 Vulnerabilities in iOS 10.2 (threatpost.com, 12/12/2016)
McAfee Releases Security Bulletin for Virus Scan Enterprise (SB10181)
Three serious Linux kernel security holes patched (www.zdnet.com, 12/9/2016)
Google patches Dirty Cow vulnerability in latest Android security update (www.zdnet.com, 12/6/2016)
Mozilla Releases Security Update (50.0.1)
Symantec Releases Security Updates (SYM16-020)
Mozilla Releases Security
Microsoft patches 68 vulnerabilities, two actively exploited ones (www.computerworld.com, 11/9/2016)
Update your Belkin WeMo devices before they become botnet zombies (www.computerworld.com, 11/7/2016)
Cisco Patches Critical Bugs in 900 Series Routers, Prime Home Server (threatpost.com, 11/3/2016)
ISC Releases Security Updates for
Joomla websites attacked en masse using recently patched exploits (www.computerworld.com, 10/31/2016)
Windows security: Google flags up new critical Adobe Flash Player flaw (www.zdnet.com, 10/27/2016)
Flash Player zero-day being exploited in targeted
Major Vulnerability Found In Schneider Electric Unity Pro (threatpost.com, 10/26/2016)
Adobe Releases Security Update (for Flash Player)
Apple Releases Security Updates (iOS, watchOS, tvOS, Safari, and macOS Sierra)
ISC Releases Security Advisory (vulnerability in versions of BIND software)
Oracle fixes 100s of vulnerabilities that put enterprise data at risk (www.computerworld.com, 10/19/2016)
Microsoft Patches 4 Vulnerabilities Exploited in the Wild (www.securityweek.com, 10/12/2016)
Systemd and Ubuntu users urged to update to patch Linux flaws (www.scmagazine.com, 10/11/2016)
Adobe Fixes 81 Vulnerabilities in Acrobat, Reader, Flash (threatpost.com, 10/11/2016)
Microsoft fleshes out seismic change to Windows patching (www.computerworld.com, 10/10/2016)
Cisco Releases Security
Multiple zero-day flaws found in EMC storage systems (www.zdnet.com, 10/3/2016)
Cisco Releases Security
OpenSSL patches 14 vulns, including high-severity flaw that can be exploited for DoS attacks (www.scmagazine.com, 9/25/2016)
Chinese researchers hijack Tesla cars from afar (www.helpnetsecurity.com, 9/20/2016)
Adobe fixes critical flaws in Flash Player and Digital Editions (www.computerworld.com, 9/14/2016)
Microsoft releases one of its biggest security updates this year (www.computerworld.com, 9/14/2016)
WordPress Releases Security Update (4.6.1)
Google Shuts Down Potentially Massive Android Bug (threatpost.com, 9/7/2016)
Google's 3-level Android patch may cause confusion (www.computerworld.com, 9/6/2016)
Go Update OS X and Safari Right Now (www.wired.com, 9/2/2016)
Apple Issues Critical Updates for Spyware Flaws in Mac OS X, Safari (www.tripwire.com, 9/2/2016)
Patched ColdFusion Flaw Exposes Applications to Attack (threatpost.com, 9/1/2016)
Kaspersky patches DoS and kernel flaws affecting drivers (www.scmagazine.com, 8/29/2016)
Cisco starts publishing fixes for EXTRABACON exploit (www.helpnetsecurity.com, 8/29/2016)
Trident: Trio of iOS zero-days being exploited in the
Apple Releases Security Update (iOS 9.3.5)
Microsoft to end decades-old pick-a-patch practice in Windows 7 (www.computerworld.com, 8/16/2016)
SQL Injection Vulnerability in Ninja Forms (blog.sucuri.net, 8/16/2016)
Microsoft Releases August 2016 Security
iOS 9.3.4 released, fixing critical security hole. Update now (www.hotforsecurity.com, 8/5/2016)
VMware Releases Security Update (VMSA-2016-0010)
Apple Releases Security Update (iOS 9.3.4)
Critical Flaws Found in Enterprise File Sharing Tool Filr (www.securityweek.com, 7/25/2016)
Google Releases Security Update for Chrome (version 52.0.2743.82)
Apple patches remote code execution flaws (www.scmagazine.com, 7/20/2016)
Oracle Releases Security Bulletin (July 2016)
Flaw in vBulletin add-on leads to Ubuntu Forums database breach (www.networkworld.com, 7/18/2016)
Juniper Crypto Bug Lets Attackers Eavesdrop on Router, Switch Traffic (threatpost.com, 7/15/2016)
Cisco Releases Security Updates (for router and conferencing server software)
Intel Patches Local EoP Vulnerability Impacting Windows 7 (threatpost.com, 7/13/2016)
Adobe Releases Security Updates (APSB16-24, APSB16-25, and APSB16-26)
Microsoft Releases Security Updates (MS16-JUL)
WordPress Releases Security Update (4.5.3)
Google Releases Security Update for
Adobe Releases Security Updates (APSB16-18 and APSB16-23)
VMware Releases Security Updates (VMSA-2016-0009)
Cisco Releases Security
D-Link Patches Weak Crypto in mydlink Devices (threatpost.com, 6/14/2016)
VMware Releases Security Updates (NSX, vCNS and vRealize Log Insight)
Chrome Flaw Allowed Hackers to Run Malicious Code via PDFs (www.securityweek.com, 6/9/2016)
Mozilla Releases Security Updates (Firefox, Firefox ESR, and NSS 2016-62)
Symantec Releases Security Updates (SYM16-009)
WordPress Patches Zero Day in WP Mobile Detector Plugin (threatpost.com, 6/3/2016)
Jetpack plug-in for WordPress vulnerable to XSS (www.scmagazine.com, 6/1/2016)
Cisco Patches Serious Flaws in Web Security Appliance (www.securityweek.com, 5/19/2016)
Apple Patches DROWN, Lockscreen Bypass Vulnerability, With Latest Round of Updates (threatpost.com, 5/17/2016)
Symantec Releases Security
Flash Player update fixes zero-day vulnerability and 24 other critical flaws (www.networkworld.com, 5/13/2016)
Compression tool 7-Zip pwned, pain flows to top security, software
Aruba fixes networking device flaws (www.computerworld.com, 5/9/2016)
WordPress 4.5.2 Security Release (wordpress.org, 5/6/2016)
Cisco Releases Security
Apple Releases Security
OpenSSL Releases Security
Google Releases Security Update for
Facebook bug hunter finds a back door left by hackers on corporate server (www.computerworld.com, 4/22/2016)
Oracle releases 136 security patches for wide range of products (www.networkworld.com, 4/20/2016)
‘Badlock’ Bug Tops Microsoft Patch Batch (krebsonsecurity.com, 4/13/2016)
Adobe fixes 24 vulnerabilities in Flash Player, including an actively exploited one (www.computerworld.com, 4/8/2016)
Cisco Releases Critical Security Updates (www.securityweek.com, 4/8/2016)
Apple fixes iPhone passcode bypass flaw server-side, without having to push out an update (www.tripwire.com, 4/7/2016)
Oracle Releases Security Update for Java
Google Releases Security Update for
Apple updates its products, fixes iMessages zero-day (www.helpnetsecurity.com, 3/22/2016)
VMware patches severe XSS flaws in vRealize software (www.zdnet.com, 3/17/2016)
Flash Player Update Patches 18 Remote Code Execution Flaws (threatpost.com, 3/10/2016)
Citrix Releases Security
Google Releases Security Update for
Drupal Releases Security
Stack-based buffer overflow bug found in glibc (www.scmagazineuk.com, 2/18/2016)
Patch Tuesday February 2016 (blog.qualys.com, 2/9/2016)
Oracle issues emergency patch for Java on
WordPress 4.4.2 Security and Maintenance Release (wordpress.org, 2/2/2016)
Critical Wi-Fi Flaw Patched on Android (threatpost.com, 2/1/2016)
Cisco patches authentication, denial-of-service, NTP flaws in many products (www.computerworld.com, 1/29/2016)
Vulnerability Note VU#257823: OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol (www.kb.cert.org, 1/28/2016)
Apple Fixes Multiple Vulnerabilities in tvOS Security Update 9.1.1 (www.tripwire.com, 1/26/2016)
Magento plugs XSS holes that can lead to e-store hijacking, patch immediately!
Update your iPhone to stop free Wi-Fi networks stealing your logins! (nakedsecurity.sophos.com, 1/21/2016)
Google Releases Security Update for
Cisco Releases Security
Oracle releases a record 248 patches (www.computerworld.com, 1/19/2016)
Anyone could pull off a LostPass phishing attack to get all your LastPass passwords (www.networkworld.com, 1/17/2016)
Microsoft Releases January 2016 Security
Google fixes dangerous rooting vulnerabilities in Android (www.computerworld.com, 1/5/2016)
Adobe Releases Security Updates for Flash
Juniper firewalls compromised by bad code: What you need to know (www.networkworld.com, 12/18/2015)
Cisco patches permission hijacking issue in WebEx Meetings app for Android (www.computerworld.com, 12/2/2015)
VMware Releases Security
Apache Commons Collections Java Library
Microsoft re-issues security patch after reports of bugs, crashes (www.zdnet.com, 11/12/2015)
Critical flaw patched in Symantec console (www.scmagazine.com, 11/11/2015)
Microsoft Releases November 2015 Security
All Windows users should patch these two new 'critical' flaws (www.zdnet.com, 11/10/2015)
Adobe Releases Security Updates for Flash
New crypto-ransomware targets Linux web
Mozilla Releases Security Updates for Firefox and Firefox
Serious Flaws Found in ATMs of German Bank (www.securityweek.com, 11/2/2015)
Joomla patches serious SQLi flaw (www.computerworld.com, 10/22/2015)
Apple Releases Multiple Security
Cisco Releases Security
Microsoft Releases October 2015 Security
VMware Releases Security
Apple Releases Security Updates for OS X El Capitan, Safari, and
Google Releases Security Update for
Security updates address vulnerabilities in Cisco IOS software (www.scmagazine.com, 9/25/2015)
Cisco applies plaster to email, Web security
Remote File Overwrite Vulnerability Patched by Cisco in IMC Supervisor, UCS Director (www.tripwire.com, 9/4/2015)
Popular Belkin Wi-Fi routers plagued by unpatched security flaws (www.computerworld.com, 9/1/2015)
Google Releases Security Update for
BitTorrent kills bug that turns networks into a website-slaying
Mozilla Releases Security Updates for
Microsoft Issues Out-of-band Patch For Internet Explorer (blog.trendmicro.com, 8/18/2015)
Google has another try at patching Stagefright flaw (www.computerworld.com, 8/14/2015)
Microsoft Security Bulletin Summary for August
Mozilla Patches Bug Used in Active Attacks (threatpost.com, 8/10/2015)
Required Group Policy Preference Actions for Microsoft Security Bulletin
BIND9 – Denial of Service Exploit in the Wild (blog.sucuri.net, 8/2/2015)
Cisco Releases Security
Remote denial of service vulnerability exposes BIND servers (www.zdnet.com, 7/30/2015)
Apple Patches ‘High’ Input Validation Vulnerability in iTunes, App Store (www.tripwire.com, 7/29/2015)
Google Patches 43 Bugs in Chrome (threatpost.com, 7/22/2015)
Patch! Microsoft emits emergency fix for THIRD Hacking Team
Adobe Flash and Microsoft Windows
Oracle Releases July 2015 Security
Microsoft releases 14 bulletins on Patch Tuesday, ends Windows Server 2003 support (www.scmagazine.com, 7/14/2015)
Mozilla Disables Flash in Firefox (threatpost.com, 7/14/2015)
Security Updates for Node.js and
Apple Releases Security Updates for QuickTime, Safari, Mac EFI, OS X Yosemite, and
Cisco addresses default SSH keys in multiple products (www.scmagazine.com, 6/26/2015)
US Navy pays millions to cling to Windows XP (nakedsecurity.sophos.com, 6/24/2015)
New 0-day for Adobe Flash (community.qualys.com, 6/23/2015)
Cisco Patches IPv6 Vulnerability in Carrier-Grade Router System (threatpost.com, 6/12/2015)
Microsoft Security Bulletin Summary for June
First software update for Apple Watch includes security fixes (www.computerworld.com, 5/20/2015)
Google Releases Security Update for
Microsoft fixes 46 flaws in Windows, IE, Office, other products (www.computerworld.com, 5/13/2015)
Palo Alto Networks Researcher Discovers 3 Critical Internet Explorer Vulnerabilities (researchcenter.paloaltonetworks.com, 5/12/2015)
WordPress 4.2.2 Security and Maintenance Release (wordpress.org, 5/7/2015)
Millions of WordPress Websites at Risk from in-the-wild Exploit (www.tripwire.com, 5/7/2015)
Apple Releases Security Updates for
JetPack and TwentyFifteen Vulnerable to DOM-based XSS (blog.sucuri.net, 5/6/2015)
More serious security flaws found in Lenovo computers (www.zdnet.com, 5/6/2015)
Alert (TA15-119A): Top 30 Targeted High Risk
WordPress 4.2.1 Security Release (wordpress.org, 4/27/2015)
Fukushima nuke plant owner told to upgrade from Windows
Mozilla Foundation Security Advisory 2015-45 (Memory corruption during failed plugin initialization) (www.mozilla.org, 4/20/2015)
With latest patches, Oracle signals no more free updates for Java 7 (www.computerworld.com, 4/15/2015)
Denial of Service Attacks Possible with OpenSSL Vulnerability CVE-2015-1787 (blog.trendmicro.com, 4/15/2015)
Adobe security updates address wide range of bugs, some critical (www.scmagazine.com, 4/15/2015)
Apple Patches Vulnerabilities in OS X, iOS, Safari (www.securityweek.com, 4/9/2015)
iOS 8.3 fixes dozens of security vulnerabilities (www.zdnet.com, 4/9/2015)
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
Over 1 million WordPress sites may be affected by a flaw in WP Super Cache plugin (www.computerworld.com, 4/8/2015)
IC3 Releases Alert on Web Site
Mozilla Releases Security Updates for Firefox, Firefox ESR, and
MongoDB Patches Remote Denial-of-Service Vulnerability (threatpost.com, 3/31/2015)
Mozilla Releases Security Updates for Firefox, Firefox ESR, and
Freshly Patched Flash Exploit Added to Nuclear Exploit Kit (blog.trendmicro.com, 3/20/2015)
Apple Releases Security Update for OS X
OpenSSL patches "high" severity flaws in latest release (www.zdnet.com, 3/19/2015)
Apple Releases Security Updates for
D-Link Patches Two Remotely Exploitable Bugs in Firmware (threatpost.com, 3/16/2015)
Adobe issues patches for 11 critical vulnerabilities in Flash Player (www.zdnet.com, 3/13/2015)
Reboot loop! Microsoft update to fix an old update ends up breaking a new update... (nakedsecurity.sophos.com, 3/13/2015)
WPML Security Update, Bug and Fix (wpml.org, 3/11/2015)
Security Advisory: MainWP-Child WordPress Plugin (blog.sucuri.net, 3/9/2015)
PATCH FREAK NOW: Cloud providers faulted for slow
Apple and Google prepare patches for FREAK SSL flaw (www.zdnet.com, 3/4/2015)
D-Link patches critical router flaws, says more fixes to come (nakedsecurity.sophos.com, 3/4/2015)
ISC Releases Security Updates for
Linux kernel set to get live patching in release
MS15-011 & MS15-014: Hardening Group Policy (blogs.technet.com, 2/10/2015)
Google Releases Security Update for Chrome
Microsoft Security Bulletin Summary for February
Google Releases Security Updates for
Adobe Releases Security Updates for Flash
Following Exploits, Zero Day in WordPress Plugin FancyBox Patched (threatpost.com, 2/5/2015)
Adobe Begins Patching Third Flash Player Zero Day (threatpost.com, 2/4/2015)
GHOST: Most Linux servers have a horrible, horrible vulnerability (in glibc) (www.computerworld.com, 1/28/2015)
Apple releases security updates for OS X, iOS, Safari and
Adobe issues emergency fix for Flash zero-day (nakedsecurity.sophos.com, 1/23/2015)
Adobe to release patch next week for 'critical' Flash zero-day under attack (www.zdnet.com, 1/23/2015)
Chrome 40 promoted to stable channel, includes 62 security fixes (www.scmagazine.com, 1/22/2015)
Oracle E-Business suite wide open to database
Oracle Releases January 2015 Security
Vulnerability in Verizon My FIOS App Allowed Users to Compromise Others’ Email Accounts (www.tripwire.com, 1/19/2015)
Google goes public with more Windows bugs (www.computerworld.com, 1/16/2015)
Mozilla Patches Nine Vulnerabilities With Firefox 35 (threatpost.com, 1/16/2015)
Malware sites offering Oracle 'patches'
Microsoft Security Bulletin Summary for January
Evolving Microsoft's Advance Notification Service in 2015 (blogs.technet.com, 1/8/2015)
ISC website compromised, possibly due to vulnerable WordPress plugin (www.scmagazine.com, 12/29/2014)
Apple pushes out first-ever automatic security upgrade for Mac (money.cnn.com, 12/23/2014)
SoakSoak Malware Campaign Evolves (threatpost.com, 12/23/2014)
Vulnerability in embedded Web server exposes millions of routers to hacking (www.computerworld.com, 12/19/2014)
Landmark HIPAA settlement confirms push to firm up patching schedules (www.scmagazine.com, 12/17/2014)
‘SoakSoak’ Malware Compromises More Than 100,000 WordPress Websites (www.tripwire.com, 12/15/2014)
Bonus Windows updates fix other Windows updates (www.zdnet.com, 12/10/2014)
VMware vSphere product updates address security vulnerabilities - VMSA-2014-0012 (www.vmware.com, 12/4/2014)
Siemens patches critical SCADA flaws likely exploited in recent attacks (www.computerworld.com, 11/27/2014)
Adobe tries to fix Flash vulnerability (again) (www.computerworld.com, 11/25/2014)
WordPress 4.0.1 Security Release (wordpress.org, 11/20/2014)
Angler Exploit Kit Adds New Flash Exploit for CVE-2014-8440 (threatpost.com, 11/20/2014)
Microsoft Security Bulletin MS14-068 - Critical - Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
Google Removes SSLv3 Fallback Support From Chrome (threatpost.com, 11/18/2014)
Microsoft fixes critical crypto flaw, strengthens encryption for older systems (www.computerworld.com, 11/12/2014)
Windows vulnerability identified as root cause in Home Depot breach (www.scmagazine.com, 11/10/2014)
Alert (TA14-310A) Microsoft Ending Support for Windows Server 2003 Operating
Assume ‘Every Drupal 7 Site Was Compromised’ Unless Patched By Oct. 15 (threatpost.com, 10/31/2014)
PHP Patches Vulnerabilities, Including Remote Code Execution Flaw (threatpost.com, 10/22/2014)
Apple pushes out iOS 8.1 - kills the mobile POODLE and closes some, ahem, "backdoors" (nakedsecurity.sophos.com, 10/21/2014)
Apple patches 144 security flaws across seven products (www.zdnet.com, 10/17/2014)
Drupal SQL injection nasty leaves sites 'wide open' to
OpenSSL Patches Four
Microsoft Windows 0-Day Vulnerability (CVE-2014-4114) Used by Russian Espionage Group “Sandworm” (www.tripwire.com, 10/14/2014)
Google Fixes 159 Flaws in Chrome (threatpost.com, 10/9/2014)
Multiple Vulnerabilities in Cisco ASA
Apple Patches Shellshock Vulnerability in Bash for OS X (threatpost.com, 9/29/2014)
Patch Tuesday Includes Another IE Update; Vuln Disclosures Up (threatpost.com, 9/4/2014)
Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning (nakedsecurity.sophos.com, 9/3/2014)
Apple patches 'Find My iPhone' exploit (www.zdnet.com, 9/1/2014)
Microsoft Security Bulletin MS14-045 -
Akeeba Patches Bypass Vulnerability in Joomla (threatpost.com, 8/22/2014)
Update: Microsoft pulls crippling patch from Windows Update (www.computerworld.com, 8/18/2014)
Google Fixes 12 Vulnerabilities in Chrome 36 (threatpost.com, 8/15/2014)
Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin (blog.sucuri.net, 8/8/2014)
Stay up-to-date with Internet Explorer (blogs.msdn.com, 8/8/2014)
Firefox 31 has arrived - 11 bulletins, 3 critical, 0 visual surprises (nakedsecurity.sophos.com, 7/23/2014)
Wordpress Sites Seeing Increased Malware, Brute Force Attacks This Week (threatpost.com, 7/23/2014)
Future Java 7 patches will work on Windows XP despite end of official support (www.computerworld.com, 7/14/2014)
Java Support ends for Windows XP (isc.sans.edu, 7/5/2014)
Conficker: Still spamming after all these years (www.zdnet.com, 7/3/2014)
Heartbleed still a threat: Over 300,000 servers remain exposed (www.cnet.com, 6/23/2014)
Not big, not clever: Some businesses just can't let go of Windows XP (www.zdnet.com, 6/18/2014)
VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable (threatpost.com, 6/12/2014)
Patch ready for newly-discovered Linux kernel flaw (www.zdnet.com, 6/6/2014)
Office, IE and Windows in line for critical fixes from
Flaws open gates to WordPress en-masse SEO
Latest IE flaw being actively
Hackers target ZOMBIE XP boxes: Get patching, Internet Explorer 8
'Triple handshake' bug another big problem for TLS/SSL (www.zdnet.com, 4/28/2014)
Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no
Oracle Gives Heartbleed Update, Patches 14 Products (threatpost.com, 4/21/2014)
VMware patches man-in-the-middle vSphere
OpenSSL Fixes Serious TLS Vulnerability (threatpost.com, 4/7/2014)
Final Windows XP-Office 2003 Patch Tuesday a light one (www.zdnet.com, 4/3/2014)
Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled
Attackers Picking Off Websites Running 7-Year-Old Unsupported Versions of Linux (threatpost.com, 3/21/2014)
SCADA Vulnerabilities Identified in Power, Petrochemical Plants (threatpost.com, 3/14/2014)
Apple iOS 7.1 patches 41 vulnerabilities (www.zdnet.com, 3/10/2014)
Microsoft to issue Windows, IE and Silverlight patches (www.zdnet.com, 3/6/2014)
Cisco Patches Authentication Flaw in Wireless Routers (threatpost.com, 3/6/2014)
Google Fixes Nearly 20 Bugs in Chrome 33 (threatpost.com, 3/4/2014)
Apple issues many security updates for OS X, including Lion and Mountain Lion (www.zdnet.com, 2/26/2014)
Apple security update fixes iOS vulnerability (news.cnet.com, 2/21/2014)
Change your passwords: Comcast hushes, minimizes serious hack (www.zdnet.com, 2/9/2014)
Light Microsoft Patch Load Precedes MD5 Deprecation (threatpost.com, 2/6/2014)
Adobe issues emergency Flash update for Windows and Mac (news.cnet.com, 2/4/2014)
Cisco patches backdoor in WAP4410N Wireless-N Access Point (www.zdnet.com, 1/24/2014)
Don't be a DDoS dummy: Patch your NTP servers, plead infosec
Oracle E-Business suite wide open to database
Oracle, Adobe Announce First Critical Patches of 2014 (threatpost.com, 1/10/2014)
Apple OS X Mavericks Update Patches Safari, WebKit (threatpost.com, 12/17/2013)
Safari on Mac OS exposes web login credentials (www.zdnet.com, 12/13/2013)
Android 4.4.2 Update Fixes Flash SMS DoS Vulnerability (threatpost.com, 12/12/2013)
Microsoft To Patch TIFF Zero Day; Wait Til Next Year for XP Zero Day Fix (threatpost.com, 12/5/2013)
VMware Patches Privilege Escalation Vulnerability (threatpost.com, 12/4/2013)
Rackspace patches Windows Updater
Apple iOS 7.04 Fixes App Store Purchase Flaw (threatpost.com, 11/15/2013)
Microsoft plans to address zero-day IE bug on Tuesday (news.cnet.com, 11/11/2013)
Microsoft security research paints bleak picture for XP users (www.zdnet.com, 10/29/2013)
Cisco Fixes DoS, Remote Code Execution Bugs in Six Products (threatpost.com, 10/24/2013)
VMware Patches Flaws in ESX, vCenter (threatpost.com, 10/18/2013)
Oracle Quarterly Update Includes Patches for 50 Remotely Executable Java Bugs (threatpost.com, 10/16/2013)
Hold in there, Internet Explorer peeps: Gaping zero-day fix coming
Cisco IOS Update Patches Eight Vulnerabilities (threatpost.com, 9/26/2013)
Firefox 24 fixes many serious vulnerabilities (www.zdnet.com, 9/18/2013)
Configuration Compliance and Patch Management Processes (www.tripwire.com, 9/15/2013)
BlackBerry Patches Flash, WebKit and Libexif Flaws on Mobile Devices (threatpost.com, 9/11/2013)
Microsoft Security Bulletin Summary for September
Clear next Tues: Incoming Outlook, IE, Windows critical security
Java 6 users vulnerable to zero day flaw, security experts warn (www.zdnet.com, 8/29/2013)
Office 2003 soon to lose support too (www.zdnet.com, 8/28/2013)
VMware Patches Root Privilege-Escalation Flaw (threatpost.com, 8/23/2013)
Google Chrome 29 Fixes 25 Vulnerabilities (threatpost.com, 8/20/2013)
HP plugs password-leaking printer
ISC announces BIND 9 DoS Vulnerability and patch update (isc.sans.edu, 7/26/2013)
Failure to clean up old Java is leaving enterprises vulnerable to attack (www.zdnet.com, 7/22/2013)
Oracle releases July patch batch... with 27 fixes for remote
Sony to pay £250,000 fine for PlayStation Network breach (nakedsecurity.sophos.com, 7/16/2013)
Android should embrace a Windows-style security update model (www.zdnet.com, 7/15/2013)
Targeted attacks exploit now-patched Windows bug revealed by Google engineer (www.computerworld.com, 7/12/2013)
July Patch Tuesday Updates Expected to Include Fix for Ormandy Kernel Bug (threatpost.com, 7/8/2013)
Latest WordPress Update Patches Seven Vulnerabilities (threatpost.com, 6/25/2013)
Virtualisation security: Where firms are falling down (www.zdnet.com, 6/21/2013)
Apple pours OS X Snow Leopard another Java fix (www.computerworld.com, 6/19/2013)
Scores of vulnerable SAP deployments
Oracle releases Java update to close 37 high-risk vulnerabilities (www.scmagazine.com, 6/18/2013)
Critical Java SE update due Tuesday fixes 40
Qld IT systems left unpatched, used in botnets (www.zdnet.com, 6/11/2013)
Microsoft patches critical IE vulnerabilities and actively exploited Office flaw (www.computerworld.com, 6/11/2013)
IRC Botnet Leveraging Unpatched Plesk Vulnerability (threatpost.com, 6/10/2013)
Five Bulletins, One Critical in Microsoft’s June Patch (threatpost.com, 6/6/2013)
Apple's OS X and Safari get biggish security fixes (nakedsecurity.sophos.com, 6/5/2013)
Google Ships 12 Security Patches in Latest Chrome Update (threatpost.com, 6/5/2013)
VMware releases new and updated security advisories (isc.sans.edu, 5/31/2013)
Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet (www.computerworld.com, 5/29/2013)
Apple patches security holes in QuickTime on Windows (www.zdnet.com, 5/24/2013)
EMC vuln gives mere sysadmins the power of storage
Google security: You (still) are the weakest link (news.cnet.com, 5/16/2013)
Firefox 21 Fixes Three Critical Flaws, Introduces New Health Report (threatpost.com, 5/15/2013)
Microsoft Security Bulletin Summary for May
May's Patch Tuesday to fix two critical flaws in Internet Explorer (www.zdnet.com, 5/10/2013)
Washington Court Data Breach Exposes 160K SSNs (threatpost.com, 5/10/2013)
forces customers to reset passwords following security breach (www.computerworld.com, 5/9/2013)
Microsoft plasters IE8 hole abused in nuke lab PC
Google left heating, cooling system open to hackers (www.computerworld.com, 5/6/2013)
IE8 zero-day flaw targets U.S. nuke researchers; all versions of Windows affected (www.zdnet.com, 5/5/2013)
Oracle slaps critical patch on insecure
Oracle critical patch plugs 128 security
Microsoft: Uninstall Faulty Patch Tuesday Security Update (threatpost.com, 4/12/2013)
Adobe Ships Fixes for Flash, ColdFusion and Shockwave in April Patch Release (threatpost.com, 4/9/2013)
XP migration easy pickings over, say experts (www.computerworld.com, 4/9/2013)
Microsoft's April Patch Tuesday brings no Pwn2Own fix (www.computerworld.com, 4/9/2013)
Tick-tock! 40% of PCs start Windows XP malware meltdown
Microsoft to patch IE10 Pwn2Own bugs next week, says security expert (www.computerworld.com, 4/4/2013)
Firefox 20 Fixes 11 Critical Flaws, Adds Per-Tab Private Browsing (threatpost.com, 4/2/2013)
Outdated Java weak spots are widespread, Websense says (news.cnet.com, 3/27/2013)
South Korea data-wipe malware spread by patching
Reckless IT pros are missing security holes in non-Microsoft software (www.zdnet.com, 3/15/2013)
Apple updates Mountain Lion, patches Safari (www.computerworld.com, 3/15/2013)
Microsoft fixes critical Windows, IE flaws for Patch Tuesday (www.zdnet.com, 3/12/2013)
Microsoft preps UPDATE ALL THE THINGS security patch
Oracle releases emergency fix for Java zero-day exploit (www.computerworld.com, 3/4/2013)
Adobe Patches Two Critical Flash Player Vulnerabilities (threatpost.com, 2/26/2013)
VMware promises better security, considers scheduled
Microsoft monthly patches touch Exchange, Windows, Explorer (www.computerworld.com, 2/12/2013)
Change your passwords: Comcast hushes, minimizes serious hack (www.zdnet.com, 2/9/2013)
Patch Tuesday: IE at risk of malware attacks; 57 flaws in total (www.zdnet.com, 2/8/2013)
Adobe releases emergency Flash fixes for two zero-day bugs (www.computerworld.com, 2/8/2013)
Wireless Carriers Leave Millions of Android Phones Vulnerable to Hackers (www.wired.com, 2/5/2013)
Eight-month WordPress flaw responsible for Yahoo mail breach: Bitdefender (www.zdnet.com, 2/1/2013)
Chinese hackers said to wage cyberwar on The New York Times (news.cnet.com, 1/30/2013)
Crap security lands Sony £250k fine for PlayStation Network
Oracle Releases 86 Patches in its January Critical Patch Update (threatpost.com, 1/16/2013)
Microsoft to patch Internet Explorer zero-day flaw today (www.zdnet.com, 1/14/2013)
Oracle releases software update to fix Java vulnerability (news.cnet.com, 1/13/2013)
Chrome 24 Fixes More Than 20 Flaws (threatpost.com, 1/10/2013)
Ruby on Rails patches more critical vulnerabilities (www.computerworld.com, 1/9/2013)
Adobe Patches Acrobat, Reader and Flash Flaws (threatpost.com, 1/8/2013)
Microsoft kicks off 2013 with clutch of critical Windows updates (www.computerworld.com, 1/8/2013)
Samsung rolls out Exynos patch to Galaxy S3 handsets (www.zdnet.com, 1/4/2013)
Microsoft to open year with seven patches (www.scmagazine.com, 1/3/2013)
Microsoft issues 'fix it' for IE vulnerability (www.computerworld.com, 1/1/2013)
Facebook Patches Webcam Snooping Vulnerability (threatpost.com, 12/31/2012)
VMware Patches Directory Traversal Vulnerability in View Server and Security Server (threatpost.com, 12/19/2012)
Adobe drags Google into Microsoft's Patch Tuesday (www.computerworld.com, 12/13/2012)
Microsoft fixes critical Windows 8, IE10 flaws for Patch Tuesday (www.zdnet.com, 12/11/2012)
Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday (threatpost.com, 12/6/2012)
A patched browser - false feeling of security or a security utopia that actually exists? (www.zdnet.com, 11/27/2012)
Windows XP is a ticking time-bomb with only 500 days to go (www.zdnet.com, 11/23/2012)
VMware Security Update Fixes DoS, Other Vulnerabilities (threatpost.com, 11/16/2012)
Slide Show: The Vulnerability 'Usual Suspects' Of 2012 (www.darkreading.com, 11/16/2012)
Anti-virus is no longer enough to stop the malware (www.infosecurity-magazine.com, 11/14/2012)
Attention shoppers: Patch Internet Explorer immediately before you shop online (www.csoonline.com, 11/14/2012)
Microsoft Update Includes Critical Security Update for IE 9, First Patches for Windows 8, RT (threatpost.com, 11/13/2012)
Microsoft Security Bulletin Summary for November
Microsoft to fix 19 vulnerabilities in six patch bulletins on Tuesday (www.infosecurity-magazine.com, 11/9/2012)
Google Patches 14 Flaws in Chrome 23 (threatpost.com, 11/6/2012)
Cisco Patches Vulnerabilities in Data Center and Web Conferencing Products (threatpost.com, 10/31/2012)
Possible 'Patch' For Policy On Protecting Government Agency Systems (www.darkreading.com, 10/22/2012)
Microsoft Patches Windows, Office Flaws (krebsonsecurity.com, 10/9/2012)
Microsoft Security Bulletin Summary for October
Microsoft to ship emergency IE patch to thwart active attacks (www.zdnet.com, 9/20/2012)
Microsoft Ships Two Bulletins in September Security Update (threatpost.com, 9/11/2012)
Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream (threatpost.com, 8/29/2012)
Phishing for Fanboys with Phony iPhone 5 Images (threatpost.com, 8/21/2012)
Microsoft fixes five critical security flaws on Patch Tuesday (www.zdnet.com, 8/15/2012)
Patch Tuesday: Microsoft to fix five critical security flaws (www.zdnet.com, 8/10/2012)
Criminals target firms with rogue emails from payroll services providers (www.computerworld.com, 8/6/2012)
Microsoft warns of critical Oracle code bugs in Exchange (www.computerworld.com, 7/31/2012)
Siemens squashes Stuxnet-like bugs in SCADA
Skype: Nearly half of adults don't install software
Oracle to release 88 security fixes (www.computerworld.com, 7/12/2012)
Mountain Lion gets daily automatic updates (news.cnet.com, 6/26/2012)
Attack code published for 'critical' IE flaw; Patch your browser now (www.zdnet.com, 6/18/2012)
Apple hustles, patches Java bugs same day as Oracle (www.computerworld.com, 6/14/2012)
Oracle Java SE Critical Patch Update Advisory - June
Microsoft Security Bulletin Summary for June
MySQL vulnerability allows attackers to bypass password verification (www.computerworld.com, 6/11/2012)
Adobe patches critical Flash Player holes; adds support for Mac OS X Gatekeeper (www.zdnet.com, 6/8/2012)
'Flame' Malware Prompts Microsoft Patch (krebsonsecurity.com, 6/4/2012)
Top Handset Maker Confirms Backdoor in One of Its Models (www.wired.com, 5/18/2012)
Microsoft: Conficker Worm Continues to Plague Enterprises (www.eweek.com, 4/25/2012)
DigiNotar Files for Bankruptcy in Wake of Devastating Hack (www.wired.com, 9/20/2011)
Hackers dump secret info for thousands of
The Inside Story of SQL Slammer (threatpost.com, 10/20/2010)
White Papers
Kaspersky Lab report: Global Web Browser Usage and Security Trends (www.kaspersky.com, 11/1/2012)
Implementing DSD’s Top Four for Windows
Top Four Mitigation Strategies to Protect your ICT
In a Zero-Day World, It’s Active Attacks that Matter (krebsonsecurity.com, 10/1/2001)
NIST SP 800-40 Rev. 3 Guide to Enterprise Patch Management Technologies (NIST, 7/25/2013)