2.3 Operating System Patching

Question 1

Why are security professionals constantly emphasizing the need to keep operating systems patched to the latest versions?

Answer 1

Operating systems are foundational computing platforms, making them a primary target for attackers. Patching closes known vulnerabilities that attackers could exploit.

Question 2

What makes operating systems an attractive target for attackers looking for vulnerabilities?

Answer 2

They are foundational platforms used by everyone, meaning a single vulnerability can potentially affect a vast number of systems.

Question 3

How does the complexity of an operating system, specifically regarding its lines of code, relate to the presence of security vulnerabilities?

Answer 3

The more lines of code an operating system has, the more opportunities there are for security vulnerabilities to appear.

Question 4

Describe the general process by which an unknown vulnerability in an operating system is addressed and patched.

Answer 4

Researchers or attackers find vulnerabilities, which are reported to the software manufacturer, who then creates a patch and an update for users to install.

Question 5

What is ‘Patch Tuesday,’ and when does it typically occur for Microsoft Windows?

Answer 5

‘Patch Tuesday’ is the second Tuesday of each month when Microsoft releases entire sets of security patches for its Windows operating systems and other applications.

Question 6

Give an example from the text of the types of security vulnerabilities that Microsoft regularly addresses in its updates.

Answer 6

• Elevation of Privilege Vulnerabilities
• Security Feature Bypass Vulnerabilities
• Remote Code Execution Vulnerabilities

Question 7

Why is it recommended to patch software as quickly as possible once an update is released?

Answer 7

Once a vulnerability is announced, attackers will immediately begin reverse engineering it to create attack code. Patching quickly protects the system.

Question 8

What specific best practice is suggested for home users before performing an operating system patch?

Answer 8

Make sure they have a backup before performing a patch.

Question 9

In large and complex IT environments, what additional step is recommended before deploying a patch to a production environment?

Answer 9

Testing a patch before deploying it to ensure it does not inadvertently break something else.

Question 10

Why is maintaining a good backup crucial even after taking all precautions and testing for operating system patches?

Answer 10

Problems can still occur after a patch is installed, and a backup allows the system to revert to a known good configuration.

Question 11

Fill in the blank: The process of applying updates to software or an operating system to fix bugs is called _______.

Answer 11

[Patching]

Question 12

True or False: ‘Patch Tuesday’ is a term used for the first Monday of each month when Microsoft releases updates.

Answer 12

False

Question 13

What is a vulnerability in the context of operating systems?

Answer 13

A weakness or flaw in an operating system or software that can be exploited by an attacker.

Question 14

What is a backup?

Answer 14

A copy of data or system configurations made to prevent data loss or allow restoration.

Question 15

What does the Microsoft Security Response Center (MSRC) do?

Answer 15

Manages security vulnerabilities in Microsoft products and services, and releases security advisories and updates.