Early in January, the National Security Agency (NSA) alerted Microsoft to a major flaw in Windows 10 that could let hackers pose as legitimate software companies, service providers, websites, or others. “It’s the equivalent of a building security desk checking IDs before permitting a contractor to come up and install new equipment,” Ashkan Soltani, a security expert and former chief technologist for the Federal Trade Commission, told CNN.
Fortunately, Microsoft acted quickly and issued a critical update — CVE-2020-0601 — on January 14.
Despite this quick action, businesses and government have a habit of missing, ignoring, or delaying important patches and updates. They do so at their peril. In 2019, the majority of cybersecurity breaches were a result of unapplied patches. However, the reasons for this oversight are complicated and often unintentional.
Patch management — IT’s nightmare
Getting a handle on patch management is an unending challenge for IT and security…
