Patch Tuesday

Keeping your computer’s security software up to date is an important part of maintaining PCI compliance, and most of you probably do it. It is also important that you keep your computer’s software up to date. The good news is that your computer does most of this for you.

The second Tuesday of every month, and occasionally the fourth Tuesday, is something Microsoft has taken to calling Patch Tuesday. At about 7:00 PM Eastern Time, Windows Update begins searching for updates and installing them. At the same time, Microsoft's knowledge base articles concerning these updates are unlocked. This is nothing new; it has been in operation since Windows 98 was in use. Did you ever wonder why you would start getting messages telling you that the computer needed to be restarted? It was annoying when you came into work and saw that, and you might have ignored it because you just didn’t have time to do it. That was not a good idea then and it isn’t today.

The most obvious reason is that an update that will make the system work better needs to be installed. That is as good a reason as any to install an update, but think about it another way. Microsoft has just released a patch for a potential security flaw, and its knowledge base explains it. A criminal can read that and is all but given a roadmap on how to exploit the flaw. That person also realizes that most people do not update immediately and some will not update for weeks or months, which leaves plenty of time to make trouble. This is why the day that follows Patch Tuesday is known as Exploit Wednesday. There is also another concern with patches: when Microsoft releases one outside of Patch Tuesday, it serves as a beacon to criminals, telling them about a critical flaw.

Are any of you out there running Windows XP? Microsoft discontinued support for it in 2014. That is called its zero-day. After that, every patch released for Windows 7 or Windows 8 was analyzed by criminals, who tried to reverse engineer it to Windows XP, knowing that Microsoft will not fix a flaw. After all, if it wasn’t caught until Windows 8 was in use, it was probably not even thought about with XP. If you are interested, Windows Vista’s zero-day has passed already, on April 11; Windows 7’s is in 2020, Windows 8’s is in 2023 and Windows 10’s is in 2025.

Chances are your computer has other software on it as well. Most companies have followed Microsoft’s lead and release their own updates around the same time. That means that one reboot of the computer will take care of just about everyone. So, now that you know when to look, you can build a little bit of extra time into your day to take care of updates so that you will be protected. After all, keeping your computer’s security up to date is part of PCI compliance!
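
One way to check a Windows PC against the schedule described above, as an added PowerShell example that is not part of the original post. The function name `Get-PatchTuesday` is hypothetical, and the two registry paths are the standard Windows pending-restart markers rather than anything named in the post.

```powershell
# Added example: has this PC installed an update since the most recent
# Patch Tuesday, and is a restart still waiting?

function Get-PatchTuesday {
    # Hypothetical helper: second Tuesday of the month containing $Month.
    param([datetime]$Month = (Get-Date))
    $first  = New-Object datetime -ArgumentList $Month.Year, $Month.Month, 1
    # Days from the 1st to the first Tuesday (0..6), then one more week.
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    $first.AddDays($offset + 7)
}

$today  = (Get-Date).Date
$lastPT = Get-PatchTuesday -Month $today
if ($lastPT -gt $today) {
    # This month's Patch Tuesday has not happened yet; use last month's.
    $lastPT = Get-PatchTuesday -Month ($today.AddMonths(-1))
}

# Newest update that recorded an install date. Get-HotFix does not list
# every kind of update, so treat the result as a coarse check.
$newest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

# Windows creates these keys when an installed update is waiting for a restart.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
)
$rebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ })

[pscustomobject]@{
    LastPatchTuesday  = $lastPT.ToString('yyyy-MM-dd')
    NewestUpdate      = if ($newest) {
                            "$($newest.HotFixID) on $($newest.InstalledOn.ToString('yyyy-MM-dd'))"
                        } else { 'none recorded' }
    PatchedSinceThen  = [bool]($newest -and $newest.InstalledOn.Date -ge $lastPT)
    RebootPending     = $rebootPending
}
```

A machine that reports `PatchedSinceThen` as False, or `RebootPending` as True, is still sitting in the window between patch release and installation that the post warns about.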