Home

unpatched

Unpatched refers to software, firmware, or systems that have not had security updates or patches applied, leaving known vulnerabilities exposed. In information security, patches released by vendors address flaws that could be exploited to gain unauthorized access, execute code, or disrupt service. The term is commonly used to describe systems at elevated risk due to missing updates.

Causes and contexts: Patch management delays, testing and compatibility concerns, downtime requirements, resource constraints, or organizational

Risks and impact: Unpatched systems are more susceptible to exploitation, including malware, ransomware, data theft, and

Mitigation and management: Effective patch management involves inventory, vulnerability scanning, prioritization, testing, deployment, verification, and rollback.

See also: Patch management, Security vulnerability, EternalBlue, MS17-010.

policy;
in
some
cases
devices
run
legacy
or
embedded
software
with
no
current
patches.
In
critical
infrastructure,
patching
may
require
changes
to
downtime
windows
or
operator
approvals.
botnet
recruitment.
Large-scale
outbreaks
have
demonstrated
the
collective
risk
of
unpatched
ecosystems,
as
seen
in
the
WannaCry
outbreak
in
2017,
which
exploited
a
Windows
SMB
vulnerability
for
which
a
patch
existed
but
many
systems
remained
unpatched.
Use
of
automatic
updates
where
appropriate,
network
segmentation,
least
privilege,
intrusion
detection,
backups,
and
incident
response
planning.
For
devices
that
cannot
be
patched,
compensating
controls
or
isolation
are
used.