Patches are software and Operating System (OS) updates that address security vulnerabilities within a program or product. Software vendors may choose to release updates to fix performance or security bugs, as well as to provide enhanced security functionality.
When software updates become available, vendors usually put them on their websites for users to download. Install updates as soon as possible to protect your computer, phone, or other digital device against attackers who would take advantage of system vulnerabilities. Attackers may target vulnerabilities for months or even years after updates are available.
Some software will automatically check for updates, and many vendors offer users the option to receive updates automatically. If automatic options are available, it is recommended that you take advantage of them. If they are not available, periodically check your vendor’s websites for updates.
Make sure that you only download software updates from trusted vendor websites. Do not trust a link in an email message: attackers have used email messages to direct users to websites hosting malicious files disguised as legitimate updates. Users should also be suspicious of email messages that claim to have a software update file attached, because these attachments may contain malware.
If possible, only apply automatic updates from trusted network locations (e.g., home, work). Avoid updating software (automatically or manually) while connected to untrusted networks (e.g., airport, hotel, coffee shop). If updates must be installed over an untrusted network, first establish a Virtual Private Network (VPN) connection to a trusted network, then apply the updates.
Users can install updates manually or elect for their software programs to update automatically.
Sometimes vendors will discontinue support for a software program or stop issuing software updates for it; such software is known as end-of-life (EOL) software. Continued use of EOL software poses consequential risk to your system, because it can allow an attacker to exploit security vulnerabilities. The use of unsupported software can also cause software compatibility issues as well as decreased system performance and productivity.
We recommend that users and administrators retire all EOL products as soon as possible.
New vulnerabilities are continually emerging, but the best defence against attackers exploiting patched vulnerabilities is simple: keep your software up to date. This is the most effective measure you can take to protect your computer, phone, and other digital devices.