Patching and Updating

Remember to update!

It’s highly important to keep device firmware and software up to date. Firmware and software updates typically fix known security vulnerabilities, provide bug fixes, and add new features.

For most regular users, it's important to avoid using devices or software that have reached "end-of-life" (EOL) status and are therefore no longer receiving security updates.

“Patch management” is a systematized approach to updating systems, software, and firmware. Typically, the phrase refers to updating systems in a business or enterprise environment. However, the concept can be scaled down and simplified for most people, families, and small organizations.

Generally, patch management is fairly easy for most people - clicking update when the device notifies them that an update is available suffices in most cases. Users will usually want to apply security updates as quickly as possible.

Reasons to keep devices, firmware, and software up to date

Fix known security vulnerabilities

At minimum, users should update their devices as soon as reasonably possible when there is a security update available. Security updates/hotfixes/patches fix known security vulnerabilities.

Without timely updating to the latest security patch, users leave themselves open to exploits and attacks that the relevant update has already addressed.

Depending on the vendor or developer, security releases are sometimes rolled into feature updates, though it is common to see them separated from other updates that introduce new features.

According to many reports from cybersecurity-related publications, it appears the time between vulnerability disclosure and exploitation has decreased year-over-year. In other words, once a vulnerability is made public, malicious actors are becoming even quicker at exploiting it; this makes keeping up with security updates even more crucial in the current landscape.

Public vulnerability disclosure happens in many ways; a common method is for developers and vendors to disclose vulnerabilities in the patch notes of the updates that fix them. Malicious actors pay attention to patch notes for reconnaissance and development of exploits - they often know someone will lag behind in updating their devices or software.

Bug and “quality-of-life” fixes

Firmware and software updates also provide bug fixes. Bugs can range from random crashing to near-total lack of usability of a device or software.

Bugs are annoying for the end user to deal with simply because the device/software does not work as it should in some capacity. This could render the device or software unusable in the time it takes for the bug to be reported and properly addressed by the developer or vendor.

Get access to new features

New features are perhaps the most exciting part of updating devices and software. Sometimes new features are “surprises,” or long-anticipated releases requested by the end users.

New features may also help mitigate “0-days,” or vulnerabilities exploited in the wild without prior vendor knowledge. Vendors are frequently made aware of these by security researchers studying evidence of 0-day exploitation in the wild.

New features can also alleviate bugs and introduce quality-of-life improvements for the end user.