1 00:00:00,720 --> 00:00:03,018 Patch Tuesday is the unofficial term 2 00:00:03,236 --> 00:00:04,930 used to refer to when Microsoft 3 00:00:04,974 --> 00:00:08,458 regularly releases security patches for its software products. 4 00:00:08,894 --> 00:00:10,327 It occurs on the second, 5 00:00:10,661 --> 00:00:13,658 and sometimes fourth Tuesday of each month in North America. 6 00:00:14,800 --> 00:00:19,978 If you go to this site here, this is Microsoft’s security bulletin, 7 00:00:20,858 --> 00:00:23,454 you can get to at this address here. 8 00:00:24,494 --> 00:00:27,825 You can see the latest security patches. 9 00:00:28,370 --> 00:00:31,418 One patch can fix many vulnerabilities. 10 00:00:32,240 --> 00:00:36,952 You want to install all the critical patches, definitely, 11 00:00:37,200 --> 00:00:39,832 and really, you want to install the important ones too, 12 00:00:40,436 --> 00:00:42,567 but you can make that decision 13 00:00:42,632 --> 00:00:46,567 based on what you think of these security patches. 14 00:00:47,163 --> 00:00:50,269 The KB number will match 15 00:00:50,850 --> 00:00:54,450 the number shown in the Windows operating system 16 00:00:55,083 --> 00:00:57,978 for the details and the KBs as you need to patch. 17 00:00:58,443 --> 00:01:02,109 CVE numbers are unique to the vulnerability or the bug. 18 00:01:03,432 --> 00:01:05,490 You can see these if you click on the patch. 19 00:01:14,654 --> 00:01:17,869 We can see here, CVE number here. 20 00:01:19,047 --> 00:01:20,047 We’ll click on this. 21 00:01:21,825 --> 00:01:24,894 That will take us through to the common vulnerabilities and exposures, 22 00:01:25,730 --> 00:01:28,400 and provide us more information on that. 23 00:01:29,300 --> 00:01:33,352 You can also choose to Google for 24 00:01:36,225 --> 00:01:38,509 the vulnerability and fine 25 00:01:39,920 --> 00:01:42,450 other juicy information about it. 26 00:01:44,072 --> 00:01:45,527 You can see here that this one 27 00:01:46,945 --> 00:01:50,225 was found, that's one of the hacking teams' bugs 28 00:01:50,320 --> 00:01:52,763 they were using to hack machines. 29 00:02:06,254 --> 00:02:09,658 And you can search to see whether there's exploits available for it 30 00:02:10,785 --> 00:02:12,509 and if it's relatively new, 31 00:02:13,272 --> 00:02:14,872 and maybe not. 32 00:02:15,221 --> 00:02:17,243 You can check on CVE Details, 33 00:02:18,414 --> 00:02:19,414 the vulnerability. 34 00:02:24,305 --> 00:02:27,040 And here we can see this is a particularly bad one, 35 00:02:27,970 --> 00:02:29,280 9.3: 36 00:02:32,400 --> 00:02:35,338 "allows remote attackers to execute arbitrary code”. 37 00:02:36,669 --> 00:02:38,909 Yeah. That definitely needs to be patched. 38 00:02:41,381 --> 00:02:44,887 Those are arbitrary code that are running remotely 39 00:02:44,916 --> 00:02:46,821 and buffer overflows are particularly bad. 40 00:02:47,461 --> 00:02:51,709 Anything that is rated critical will be rated for good reason 41 00:02:52,189 --> 00:02:53,509 and definitely should be applied. 42 00:02:53,541 --> 00:02:57,687 And anything that’s important should be important to apply. 43 00:02:58,581 --> 00:03:02,545 You can see the CVSS score here, 44 00:03:02,610 --> 00:03:04,327 9.3 and that's 45 00:03:05,003 --> 00:03:07,061 something the industry’s trying to adopt 46 00:03:07,149 --> 00:03:10,232 in order to have a universal standard for 47 00:03:10,894 --> 00:03:13,680 how dangerous something is, 48 00:03:13,716 --> 00:03:15,440 and it can help you make a decision 49 00:03:15,469 --> 00:03:18,029 as to whether or not you want to apply it or not 50 00:03:18,494 --> 00:03:20,305 But if it's red, apply it. 51 00:03:22,298 --> 00:03:26,145 Details for vulnerabilities for all types of software and 52 00:03:26,480 --> 00:03:31,149 operating systems can be found on a few places. 53 00:03:32,872 --> 00:03:36,290 This Common Vulnerabilities and Exposures is a good place. 54 00:03:37,120 --> 00:03:39,723 The National Vulnerability Database 55 00:03:42,887 --> 00:03:45,040 and CVE Details itself.