Skip to main content
Information Security

Questions tagged [patching]

Ask Question

A patch is small program that updates another program, usually to fix a specific issue. Patches are also often called fixes.

106 questions
NewestActiveBountiedUnanswered
0votes
1answer
63views

Is using software without buying all available patches against security standards?

Canonical, the publishers of Ubuntu, create their own set of security patches for packages in Ububtu's "universe" repository of community-maintained software. They make these patches ...
interfect's user avatar
interfect
  • 313
1vote
2answers
275views

How to reason about CVEs packaged in other open source software

I am reasoning about how to form a policy on CVEs found in software components that do not come from the software itself, but comes in a built-in dependency of that software. Take the example of a ...
Tomas's user avatar
Tomas
  • 111
0votes
1answer
109views

How exactly do security fixes get to the users in PHP?

I want to understand the process to go from a security bug report to a running system having the bug fix applied. Especially how long it takes from the bug being public until the bug is fixed on the ...
zomega's user avatar
zomega
  • 145
0votes
1answer
1kviews

KB Patches not taking effect for CVE-2022-26832: .NET Framework Denial of Service Vulnerability

Rapid 7 has found CVE-2022-26832 on a server running Windows Server 2012 R2 Standard Edition with a French langauge pack installed. The following is listed as the proof why Rapid 7 thinks the ...
Tobie van der Merwe's user avatar
Tobie van der Merwe
  • 113
17votes
3answers
3kviews

Patching operational technology products in a manufacturing assembly line?

I have recently moved to the manufacturing sector to take care of security of systems/products, specifically operational technology (OT) products. Based on a recent US CISA advisory, I had to apply a ...
Baranikumar Venkatesan's user avatar
Baranikumar Venkatesan
  • 685
4votes
2answers
13kviews

How secure is OpenCore Legacy Patcher?

My MacBookPro doesn't get major updates anymore, but the hardware still works well. I came accross OpenCore Legacy Patcher, which allows to install recent versions of MacOs onto older macs through ...
KooDooMoo's user avatar
KooDooMoo
  • 141
1vote
0answers
731views

Do anti-cheat software actually "patch" the UEFI firmware on your motherboard?

I've recently read about the new game called Bloodhunt containing an Anti-Cheat, which had a bug, in which the anti-cheat service would stay installed even though the game is removed. The top Steam ...
Sir Muffington's user avatar
Sir Muffington
  • 1,685
0votes
2answers
201views

Importance of OS security patches for devices only used in home network

(This question bugs me because I am not willing to upgrade for Windows 10) If we are talking about a device (i.e. a PC) in the following scenario: The device is located behind a router that is up-to-...
Jonny's user avatar
Jonny
  • 1
1vote
1answer
301views

Is VLC from the Ubuntu LTS official repository insecure?

Often it is impossible at first sight to understand if a package in a repository is up-to-date with security fixes, because the maintainers use a different naming when applying the patches to old ...
reed's user avatar
reed
  • 16k
0votes
1answer
199views

Developer requests dev systems don't have .Net patches applied

Looking for some guidance on an internal discussion we're having. We have a .Net developer that is requesting all development systems with Visual Studio installed don't have .Net updates installed. ...
mxdd_'s user avatar
mxdd_
  • 1
1vote
1answer
197views

What is the risk of using Windows Phone 8.1 now?

My friend uses Microsoft Phone 8.1 mobile for a tax accountancy firm. As it hasn't received security updates for five years I believe that is a significant information security risk. However, the ...
Darryn Brisdaz's user avatar
Darryn Brisdaz
  • 121
0votes
1answer
171views

Do corporate systems need to be updated immediately after updates are available? [duplicate]

I lived under impression that timely updates were very important. Even a home user wouldn't like their computer to demand ransom for their data. However, the less home and the more corporate our ...
gaazkam's user avatar
gaazkam
  • 6,841
1vote
1answer
211views

CVE-2020-5250 php vulnerability analysis

I am exploring the vulnerability (CVE-2020-5250) found in PrestaShop software versions <1.7.6.4. Could somebody explain how (with which method) was the program exactly exploitable? And why is the ...
Karoliine's user avatar
Karoliine
  • 11
0votes
1answer
198views

CVE-2020-0601 (CRYPT32.DLL exploit) standalone patch? [duplicate]

Is there any standalone patch for CVE-2020-0601 (CRYPT32.DLL exploit) besides installing Windows 10 latest cumulative update? Or is there other ways to mitigate this exploit, when immediate ...
RogerRi's user avatar
RogerRi
  • 1
5votes
1answer
4kviews

EKS managed worker nodes security patching

Do AWS EKS managed nodes receive security patching automatically or is it the owner's responsibility to patch?
vkoukou's user avatar
vkoukou
  • 53

153050per page
1
2345
8
close