Battle of the Week - Manual Updates
Infrastructure of a rural small business with VPN connections to remote customer sites.
WSUS automatically updates servers and workstations.
Ops team was notified about CVE-2020-1350, which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.
Workstations are updated automatically, but servers download the updates and must be told to install and reboot/apply the patches. This, along with pre-patch backups, help decrease the chance of installing a faulty update to a critical system. We also use a Plan of Actions & Milestones (POA&M) to track and strategize a continuous, disciplined, and structured approach to tracking risk mitigation activities. The POA&M is created by using vulnerability scans produced by the SIEM and Tenable that covers an industry-leading 50,000+ vulnerabilities and covers more technologies to provide accurate scanning and minimal false-positives. These are then compiled in a month-over-month report that provides an exact insight into how these hazards are being handled.
Never assume that updates are being installed. Always check, document, and track vulnerabilities to ensure your network is as secure as it can be.