From security-tips@us-cert.gov Wed Apr 7 16:40:09 2004 From: US-CERT Security Tips To: security-tips@us-cert.gov Date: Wed, 7 Apr 2004 15:32:56 -0400 Reply-To: w.naef@iwar.org.uk Subject: [INFOCON] US-CERT Cyber Security Tip ST04-006 -- Understanding Patches -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cyber Security Tip ST04-006 Understanding Patches When vendors become aware of vulnerabilities in their products, they often issue patches to fix the problem. Make sure to apply relevant patches to your computer as soon as possible so that your system is protected. What are patches? Similar to the way fabric patches are used to repair holes in clothing, software patches repair holes in software programs. Patches are updates that fix a particular problem or vulnerability within a program. Sometimes, instead of just releasing a patch, vendors will release an upgraded version of their software, although they may refer to the upgrade as a patch. How do I find out what patches I need to install? When patches are available, vendors usually put them on their web sites for users to download. It is important to install a patch as soon as possible to protect your computer from attackers who would take advantage of the vulnerability. Some software will automatically check for updates, and many vendors offer users the option to receive automatic notification of updates through a mailing list. If these automatic options are available, we recommend that you take advantage of them. If they are not available, check your vendors' web sites periodically for updates. Make sure that you only download software or patches from web sites that you trust. Do not trust a link in an email message--attackers have used email messages to direct users to malicious web sites where users install viruses disguised as patches. Also, beware of email messages that claim that they have attached the patch to the message--these attachments are often viruses. _________________________________________________________________ Both the National Cyber Security Alliance and US-CERT have identified this topic as one of the top ten for home users. _________________________________________________________________ Author: Mindi McDowell This document is also available online: _________________________________________________________________ Copyright 2004 Carnegie Mellon University. Terms of use: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAdFasXlvNRxAkFWARAu8DAKD/KH04pOqZOQKT48xaSyNkd8IKkQCfdsAx 0gCGkiGDkb+B08y7Oxb9Xbc= =ElET -----END PGP SIGNATURE----- ------------------------------------------------------------------------ Information is the currency of victory on the battlefield. GEN Gordon Sullivan, CSA (1993) ------------------------------------------------------------------------ INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk ------------------------------------------------------------------------ To subscribe, change your subscription or unsubscribe go to http://www.iwar.org.uk/mailman/listinfo/infocon/ ------------------------------------------------------------------------