The word “patch” comes from the English and means “mending”. This describes what it means and its functionality very well: just as a patch can plug a hole, patches close gaps in IT applications. Software applications are updated, improved, extended or even corrected with patches. Under certain circumstances, this can happen without the user having to do anything.
In general, there are four categories of patches: bugfix, hotfix, security patch and update.
Bugfix: A bugfix corrects and eliminates software errors. If a program has a “bug”, malfunctions or failures occur and the user cannot use the software as intended by the developers. Examples are A function can no longer be called up, the login does not work or the program closes by itself.
Hotfix: A hotfix also rectifies software errors. The only difference to a bugfix is the urgency with which the error is rectified. This is where the name “hotfix” comes from. The English words “hot” and “fix” are combined here, suggesting that the software error is a critical problem that needs to be solved quickly. An example could be that the impairment leads to an accumulation of customer complaints, that the error affects other applications or even other production areas.
Security patch: A security patch is a bug fix for a security vulnerability that poses an increased security risk to the organization. This is the case when criminal actors can exploit existing vulnerabilities in software and gain access to the system to execute malicious code and compromise the entire system. Zero-day vulnerabilities are particularly insidious. In these cases, cybercriminals know about the existing vulnerability and exploit it before the software manufacturer is even aware of the existence of the vulnerability and therefore before a security patch can be made available to users. Known zero-day vulnerabilities are, for example, the security vulnerabilities around the Microsoft Exchange Server. Here too, attackers have already exploited the vulnerabilities before Microsoft itself was aware of the gaps.
Updates: Updates are extensions and renewals of existing software. Unlike the examples mentioned above, this is not about fixing a bug or a malfunction, but about providing the user with further developments or optimizations of the software – e.g. through new features, new functions or simply an increase in performance.
Patches and updates have many advantages. Updates often improve performance. Work and handling is often made easier and optimized. They also ensure that compatibility with other software applications or hardware elements is maintained.
Above all, however, the security aspect plays a major role. If bugs and errors are not fixed in time, there is a risk that they will become more susceptible to viruses, Trojans and other malware(malicious software). Security patches should always be installed immediately. This is the only way to ensure that no criminal actors exploit these gaps to gain unauthorized access to the systems.
Note: Perseus offers all companies that use the online portal for cyber security a threat newsletter that informs them about current security vulnerabilities.
