Intelligent CISO Issue 02 | Page 33

PREDICTIVE INTELLIGENCE

You’ve been warned:

BeyondTrust’s Morey Haber talks about compatibility issues between Windows Update and anti-virus software

With a responsibility for strategic business discussions and vulnerability management architectures, BeyondTrust’s Vice President of Technology, Morey Haber, knows a thing or two about safeguarding systems. Here, Mr Haber – who has more than 20 years of IT industry experience and is the author of Privileged Attack Vectors – discusses the issue of compatibility between Windows updates and anti-virus software.
If you think back only about 10 years ago, Microsoft Windows Update was a part of Internet Explorer and you had to run it over and over, reboot in between, and patiently wait for each patch to download and install until the asset was up-to-date.

In addition, if any patches failed, diagnosing the issue was difficult and could prevent additional dependent updates from being applied as well. For an operating system like Windows XP or Windows 7, this could be literally hundreds of patches, so organisations embraced service packs and cumulative updates to shorten this process and ensure every required patch was applied.

A single update versus potentially dozens allowed for time savings and an easier patch cycle. Hence, ‘a patch in time saved nine’ as a pun on the old cliché. In today’s environment, things are changing again and that may no longer be true. Beginning with Windows 10, Microsoft began enforcing automatic patch deployments on its desktop operating system. Recently this has evolved to bundling all of the patches in one distribution versus allowing organisations to select which ones to deploy.

While enterprises still have the ability to control their own patch schedules, most environments are forced to accept them every month and as one bundle. This ensures the latest and greatest are always delivered and vulnerabilities are automatically remediated in a timely manner. That is a good thing. Right? What is changing next that we need to be concerned about?

With the recent news of the Intel vulnerabilities, and subsequent patches for Spectre and Meltdown, Microsoft did something very unusual to its update process. Early on when testing security updates, Microsoft noticed that many anti-virus vendors were not compatible with the fixes. They were notified, encouraged to test the fixes and issue updates accordingly. To keep track of these incompatibilities Microsoft added a new compatibility registry key that must be set by an