The process of patching software is one that often occurs as a necessity. There are weaknesses and areas of exploitation in nearly all code even when every step is taken to try to prevent such events from happening. This holds true even for companies like Microsoft. The November patches that were released were numerous and more than what Microsoft typically releases, but they addressed a multitude of problems. One of the most critical areas addressed relates to a vulnerability that was called WinShock which was discovered by a team of IBM officials previously in May of 2014. The vulnerability allows for drive by attacks where users are prompted to download code. The code is malicious and then allows for the computer to be taken over remotely leaving the user with no control. Vulnerabilities, such as these, are what make the patches that software companies and, in this case, Microsoft release so important. The vulnerability has been present in Microsoft Windows software since the release of the Windows 95 software package and went previously undetected by Microsoft. The concern is now that the vulnerability was detected, hackers and criminals with malicious intent can now exploit the vulnerability for their benefit. This is why it is important to apply the updates released by Microsoft so that the patch can be placed to prevent computers from being able to be attacked via this vulnerability. There was a patch released in October 2014 to cover the vulnerability, but it was later discovered that it did not solve the whole vulnerability and that there were ways around the patch that left the vulnerability available for the hackers. The new patch is meant to completely repair the vulnerability.
The concern is that if patches aren’t created or if the user chooses not to apply the patches and the hackers become aware of the vulnerability, computers are then at risk. It is the roll of software companies to notify users when there is a flaw or a potential weakness in their software. Often the weakness is not found by the company itself but by security firms or other companies. All intention is made to try to limit the knowledge of the weakness until a patch can be created. If the company chose not to release a patch because there are those that are tired of the multiple patches being released and criticizing the company for releasing so many patches, then the vulnerability would be left available and when the weakness was leaked, hackers and those with malicious intent would be able to strike multiple computers without being concerned that the software company was creating a patch. If the patch is created and placed by the majority of users, the availability of computers for the hackers to attack decreases. Although it seems like more and more patches are being released recently and that often it is taking more than one time to get the correct patch for the vulnerability, it is better to have patches created and run the updates to maintain security than to forgo the updates and leave the computer open for hackers to access.