15. Patching & Updating Exercise

Patching & Updating Exercise

In this exercise, you'll review the Microsoft Security Resource Center (MSCR) where they provide information on security updates for their products.

Also as part of this exercise, you'll practice updating your own applications. If you are using any Microsoft products, you can use the information provided from the MSCR in understanding the update process for your devices, software and applications. Other vendors provide similar information.

Exercise 1: Updating your applications

Updating your applications

QUESTION:

In the Hacking Lifecycle lesson, you took an inventory of your home systems and applications. This is also the first step for both the NIST CSF and CIS Controls.

  1. Using that list, document below the systems and applications that need to be updated. Quite often today, applications are automatically updated. In those cases, document the latest version.
  2. Are all of your applications and operating systems completely up-to-date? Why or why not?
ANSWER:

  1. You should list the same applications previously used in your software inventory. Each one should now show it's on the latest version available from the manufacturer.

    Your answers may vary. The intent is for you to ensure all of the applications you use are updated to the latest version.
  2. Sometimes we don't update software for many reasons:
  • It's an application we don't use very often
  • We don't realize it needs to be updated. For example, smartphone apps are updated through a separate function and not as a part of the app.
  • We don't know or understand the impact of the update and are fearful it will disrupt us using the app.
  • We want to make sure the application is fully tested and vetted by others before we install it.

Exercise 2: Microsoft Security Resource Center (MSRC)

The Microsoft Security Resource Center (MSRC) is a centralized location for information about vulnerabilities and updates to Microsoft products. In this exercise, you'll explore the MSRC to understand Microsoft's process patch process.

Microsoft Security Resource Center (MSCR) - Part 1

QUESTION:

  1. Go to the Microsoft Security Resource Center (MSCR). Click on Read the Security Update Guide FAQ to go to that page. Answer these questions:
  • When does Microsoft release security updates?
  • How can you receive notifications about Microsoft updates?
ANSWER:

The MSCR is a one-stop-shop for all information about Microsoft patches, updates and vulnerabilities.

  • Microsoft schedules the release of security updates on "Patch Tuesday," the second Tuesday of each month at 10:00 AM PST. Please note that there are some products that do not follow the Patch Tuesday schedule.
  • Microsoft sends out a notification whenever there is material information that affects customers’ security. Microsoft's free monthly Security Notification Service provides links to security-related software updates and notification of re-released security updates.

Microsoft Security Resource Center (MSCR) - Part 2

QUESTION:

  1. You can also use the Security Update Guide (SUG) to understand vulnerabilities associated with their products. It helps IT professionals understand and use Microsoft security release information, processes, communications, and tools so they can manage organizational risk and develop a repeatable, effective deployment mechanism for security updates.
    On the SUG, find three vulnerabilities and explain them below.
ANSWER:

Student's answers will vary. The intent is to get you familiar with this website as a resource for general information about known vulnerabilities, patches, and Microsoft articles for updating their products.

Microsoft Security Resource Center (MSCR) - Part 3

QUESTION:

  1. Go to the Windows Update FAQ website. In particular, look at the FAQ questions supplied below and provide your observations in the answer space.
    We encourage you to become familiar with this process since so many organizations use Windows operating systems.
  • How do I manually update my Windows PC?
  • How long does it take to download updates?
ANSWER:

Student's answers will vary. The intent is to get you familiar with this website as a resource for information about Windows 10 updating process.

Answers to the specific FAQ questions:

  • Some updates may not be available on all devices at the same time—we’re making sure updates are ready and compatible.
    To stay up to date, select the Start button > Settings > Update & Security > Windows Update, and then select Check for updates.
  • The time required to download updates primarily depends on internet connection speed, network settings, and update size. Make sure your device is plugged in and connected to the internet to download updates faster.

Next Concept