Patch management tricks and techniques

Author:

I. What is a patch?
In technical terms, “Patch” are the changes performed on a computer program/software to enhance its security shield against newly rising cyber-attacks. In simple terms, we can also refer to them as software updates that includes fixing vulnerabilities, performance bugs, or error discovered after product release. Along with all these fixations, vendors may also include enhanced security features to their software, when the patch is released.
II. If patch is missing what vulnerability it causes?
Many may feel that updates delay and keep them from doing their everyday work, but these updates are mandatory as they offer security for the devices and also for the data contained in those devices. Missing patch updates can result to cyber-attacks, data exposure, malware and ransomware attacks, etc. If your system is found to be missing patches, it becomes much easier for attackers to sabotage your system as the vulnerabilities for your unpatched system already exists and available on internet
III. Which vendors create patches?

  • Microsoft
  • Adobe Mozilla
  • Apple
  • Oracle
  • Sonicwall
  • Fortinet
  • Red Hat Linux
  • Cisco

IV. What to do when a patch update fails?
Listed below are the few steps that can be followed when you patch update fails.
1) Restart and try running your windows machine again.
Restarting the machine can fix the problem when there are 2 updates waiting. In such situation after one update is complete you need to restart the machine and then start with the next update. This is one of the common cases where the “Update Failed” message is shown.
2) Pause Updates
Pausing the update and then restarting the system is a substitute for deleting the SoftwareDistribution directory from your Windows directory. This helps in clearing all downloaded updates so you can try windows update again.
Step1: Start ->

Step2: Settings ->

Step3: Update & Security ->

Step4: Windows Update ->

Step5: Click the Pause updates for 7 days option ->

Now restart your device -> Open Settings -> Click on Update & Security -> Click on Windows Update -> Click the Resume updates button.
3) Checking internet connection
Always check whether you are connected to internet before starting with the update as internet connection is to download and install the updates. You can check your internet connection by going to command prompt and pinging google.com (ping google.com). If you get reply output in means you are connected to internet.
4) Freeing up space
“No enough space” is another common error encountered while performing windows update. This is due to lack of storage space. For this you don’t need to delete your applications or confidential files rather you can simply delete files from the temporary files section.
Step1: Start ->

Step2: Settings ->

Step3: Click on System ->

Step4: Click on Storage ->

Step5: Click the Temporary files section ->

Step5: Select the files that you want to clear to free up space -> Click the Remove files

5) Restart Windows Update related services
Windows update may fail also due to existence of corrupt services, temporary files, folders that are associated with Windows Update. Under such case it is advised to boot those services before starting the windows update.
Steps: Start -> Command Prompt (run as administrator) -> Run following commands to stop their services. (Press Enter after typing each Command)
• net stop bits
• net stop wuauserv
• net stop appidsvc
• net stop cryptsvc

Now using the following commands rename the SoftwareDistribution and catroot2 folders. This will create new folders and make the system to ignore the issues faced in older folders. (Press Enter after typing each Command)
• Ren %systemroot%\SoftwareDistribution SoftwareDistribution.old
• Ren %systemroot%\system32\catroot2 catroot2.old

Now restart the services using the following commands and check whether the windows update works. (Press Enter after typing each Command)
• net start bits
• net start wuauserv
• net start appidsvc
• net start cryptsvcupdt
6) Disable your antivirus
Temporarily disable and check if the update failed error still exists. Cause sometimes the antivirus blocks the new updates. If the error is resolved on disabling the anti-virus, it is advised to contact your antivirus software vendor and get their advice on the same.
7) Update your drivers
Many a times if the device drivers are not up-to-date and you’re using the wrong one, then during windows update the issue will be reflected and the update would fail. Therefore, it is advised to keep a check on your drivers and keep them up-to-date to avoid unnecessary system errors.

8) Try windows update trouble-shooter
Windows now provides windows update troubleshooting function that helps in fixing the issue or error faced in windows update.
Step1: Start ->

Step2: Settings ->

Step3: Update & Security ->

Step4: Troubleshoot->

Step5: Additional trouble-shooters ->

Step6: Windows update “resolve problems that prevent you from updating windows” -> Run the trouble shooter


After sometime it will show you the error faced and fixed.
After this you can run the windows update again and check if the issue is fixed or not and continue with the update.
9) Delete the software distribution directory
If the troubleshooting hasn’t fixed the update failed error, the next resort will be to clear all older updates and start over again.
Step1: Restart machine in safe mode – >

Step2: Open File Explorer -> Navigate to the Windows folder ->

Step3: Delete the folder called “SoftwareDistribution”.

Now restart your system and if you have disabled windows update, turn it ON and try the update again.
10) Run DISM and System File Checker
If there are any corrupt files on your operating system there is a possibility that the windows update will fail. To fix this issue windows have their inbuilt tools like DISM and System File Checker that identifies the corrupt files and fixes them.
Step1: Start ->

Step2: Command Prompt (run as administrator) ->

Step3: Run this command to clean the corruption on system components:
DISM /online /cleanup-image /restorehealth

Step4: Now run the next command for System File Checker:
SFC /scannow

If any errors are found while running the scan, the tool fixes the issue and then writes it to the CBS log. Now restart your machine and try windows update again.

11) Manually Download and install updates
At times the windows update does not let us download certain updates. Under such cases we need to download and install the updates manually.
Steps:
• Identifying system type
Start -> Settings -> System -> About – > Note the system type, under Device specifications” -> Note the version number, under “windows specification”

• Downloading uploads
Open View Update History->

Select version that matches with the one you have noted down. -> Similarly check the base number of the latest update and note it down (e.g. KB4530684) -> Open Microsoft Update Catalog -> Search the base number you had noted down (KB4530684) -> Now download the version that matches with your system.
• Installing updates
Start -> Command Prompt (run as administrator) -> To install the update, type the command in the given format and press Enter:
wusa C:\PATH_TO_UPDATE\NAME_OF_UPDATE.msu /quiet /norestart
Now the installation will start and after the completion of it, reboot your system. If the update is successfully installed the windows update should work fine.

12) Restore your Windows
There is a possibility that you might have made some changes to the system due to which the windows update is getting failed. To fix this you can restore you system that will undo all the changes done.
Steps: Start -> search for Restore -> Click on “Create a restore point” -> Click on System Restore -> Follow the restore system files & settings onscreen instructions to restore the system.

V. How to download & apply patches?

Steps:
• Identifying system type
Start -> Settings -> System -> About – > Note the system type, under Device specifications” -> Note the version number, under “windows specification”
• Downloading uploads
Open Windows Update History -> Select version that matches with the one you have noted down. -> Similarly check the base number of the latest update and note it down (e.g. KB4530684) -> Open Microsoft Update Catalog -> Search the base number you had noted down (KB4530684) -> Now download the version that matches with your system.
• Installing updates
Start -> Command Prompt (run as administrator) -> To install the update type the command in the given format and press Enter: wusa C:\PATH_TO_UPDATE\NAME_OF_UPDATE.msu /quiet /norestart
Now the installation will start and after the completion of it, reboot your system

VI. How to detect missing patch?
To ensure if all the patches have been completed or not, you will have to go to the folder created when the windows update completes and check whether all the patches have been updated.

VII. What should be the patching frequency?
Patches need to be done at least once every month. Especially when an emergency patch is released ensure to do it on emergency basis. Never think a patch management will hinder your daily work. In fact, ignoring a pact will cause even greater damage to your system.