Microsoft have been releasing patches for 30 years. It’s easy to become blasé about them.
Yes, Microsoft can automatically apply updates to Windows and Office.
But that does not mean that you can rely on it.
Any system is only as good as how well it is monitored.
After all, there is no such thing as “set and forget”. It is a myth (like self-cleaning ovens). Left to their own devices, there is a failure rate for everything. Even more, once they have failed, they stay failed. They don’t magically fix themselves. That means that if one device is not up to date today, it’s still broken tomorrow. Even worse, it quickly becomes two when another fails, and so on.
That’s why we recommend our KARE system. KARE has become more and more sophisticated over the years, with more services. But it’s the basic foundational protections that are still so incredibly important. Patching is one of those, because it has to be done well, and consistently well. It is monitored assiduously, and if we notice a device misses its updates, then we intervene. We have various alerts, prompts and reports to make sure we keep all the software on KARE devices updated.
When the rubber hits the road
In just one example, in August 2022, Microsoft patched a dangerous bug which had been discovered by the NSA in the United States. Since then, the wider community has shared ‘proof of concept’ (POC) process for exploiting that bug. That’s intended to help developers keep their software secure, but we expect that hackers will also jump on the POC work and quickly turn that into active exploits.
The bottom line: Every device that accesses your organisation’s data needs to be protected.
That’s PCs, Macs, and even mobiles. They all need to be patched at the very least. But if you assume you are patched, and don’t monitor and check it. If so, you are vulnerable. If one device missed the updates, then it is vulnerable. The same applies to your end-point protection (remember – old fashioned antivirus isnt enough these days either)
That is the undeniable foundational value of KARE. It isn’t exciting, but it is important. Every day, our KARE team is working to maintain patching for our clients, to intervene when a system misses an update and to fix any issues.
In these days of enhanced cyber-risk, that matters. You can have all the layers of security in the world, but they are sitting on top of something that is missing a basic level of protection, then you have an elevated risk..
Whether our clients have ther own IT teams or totally rely on us, having a foundational active patching system like KARE means they have this foundation in place.