Browse Definitions:
Definition

out-of-band patch

This definition is part of our Essential Guide: Catch up on the Windows Server patches of 2017
Contributor(s): Stan Gibilisco

An out-of-band patch is a patch released at some time other than the normal release time. Microsoft, for example, normally releases patches on the second Tuesday of every month. A patch, sometimes called a "fix," is a quick-repair job for a piece of programming.

The usual reason for the release of an out-of-band patch is the appearance of an unexpected, widespread, destructive exploit such as a virus, worm, or Trojan that will likely affect a large number of Internet users. A good example is a so-called zero-day exploit, which takes advantage of a security hole on the same day that the vulnerability becomes generally known, so there exists no elapsed time (zero days) between the discovery of the vulnerability and the first attack that comes as result of it.

When deciding whether or not to release an out-of-band patch, software vendors take several factors into account by asking themselves questions such as the following.

  • Is this particular event serious enough to warrant the release of a patch out of the normal cycle?
  • How widespread is the attack? How many people are likely to suffer adverse effects if we do not release a patch immediately?
  • Has the vulnerability occurred close enough to the normal release date to make it reasonable to wait until then to release the patch?
  • Will the rushed development and release of a quick patch likely disturb program functionality, perhaps producing more trouble than it resolves?
  • Is the threat stable, or is it evolving (or likely to evolve) day by day?

 

This was last updated in March 2013

Continue Reading About out-of-band patch

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • principle of least privilege (POLP)

    The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for...

  • identity management (ID management)

    Identity management (ID management) is the organizational process for identifying, authenticating and authorizing individuals or ...

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

SearchStorage

SearchSolidStateStorage

  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.

Close