Definition

out-of-band patch

Part of the Application security glossary:

An out-of-band patch is a patch released at some time other than the normal release time. Microsoft, for example, normally releases patches on the second Tuesday of every month. A patch, sometimes called a "fix," is a quick-repair job for a piece of programming.

Next Steps

The usual reason for the release of an out-of-band patch is the appearance of an unexpected, widespread, destructive exploit such as a virus, worm, or Trojan that will likely affect a large number of Internet users. A good example is a so-called zero-day exploit, which takes advantage of a security hole on the same day that the vulnerability becomes generally known, so there exists no elapsed time (zero days) between the discovery of the vulnerability and the first attack that comes as result of it.

When deciding whether or not to release an out-of-band patch, software vendors take several factors into account by asking themselves questions such as the following.

  • Is this particular event serious enough to warrant the release of a patch out of the normal cycle?
  • How widespread is the attack? How many people are likely to suffer adverse effects if we do not release a patch immediately?
  • Has the vulnerability occurred close enough to the normal release date to make it reasonable to wait until then to release the patch?
  • Will the rushed development and release of a quick patch likely disturb program functionality, perhaps producing more trouble than it resolves?
  • Is the threat stable, or is it evolving (or likely to evolve) day by day?

 

This was last updated in March 2013
Contributor(s): Stan Gibilisco
Posted by: Margaret Rouse

Related Terms

Definitions

  • DCPromo (Domain Controller Promoter)

    - DCPromo (Domain Controller Promoter) is a tool in Active Directory that installs and removes Active Directory Domain Services and promotes domain controllers. (SearchWindowsServer.com)

  • virtual patching

    - Virtual patching is the quick development and short-term implementation of a security policy meant to prevent an exploit from occurring as a result of a newly discovered vulnerability. A virtual pa... (WhatIs.com)

  • mobile app security

    - Mobile app security is the extent of protection that mobile device application programs (apps) have from malware and the activities of crackers and other criminals. (WhatIs.com)

Glossaries

  • Application security

    - Terms related to application security, including procedural definitions for preventing software vulnerabilities and words and phrases about secure code development.

  • Software development

    - Terms related to software development, including definitions about programming and words and phrases about Scrum, Agile and waterfall methodologies.

  • Security threats and countermeasures

    - Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.

Dig Deeper

Continue Reading About out-of-band patch

People Who Read This Also Read...

Ask a Question. Find an Answer.Powered by ITKnowledgeExchange.com

Ask An IT Question

Get answers from your peers on your most technical challenges

Ask Question

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top