Browse Definitions :
Definition

out-of-band patch

An out-of-band patch is a patch released at some time other than the normal release time. Microsoft, for example, normally releases patches on the second Tuesday of every month. A patch, sometimes called a "fix," is a quick-repair job for a piece of programming.

The usual reason for the release of an out-of-band patch is the appearance of an unexpected, widespread, destructive exploit such as a virus, worm, or Trojan that will likely affect a large number of Internet users. A good example is a so-called zero-day exploit, which takes advantage of a security hole on the same day that the vulnerability becomes generally known, so there exists no elapsed time (zero days) between the discovery of the vulnerability and the first attack that comes as result of it.

When deciding whether or not to release an out-of-band patch, software vendors take several factors into account by asking themselves questions such as the following.

  • Is this particular event serious enough to warrant the release of a patch out of the normal cycle?
  • How widespread is the attack? How many people are likely to suffer adverse effects if we do not release a patch immediately?
  • Has the vulnerability occurred close enough to the normal release date to make it reasonable to wait until then to release the patch?
  • Will the rushed development and release of a quick patch likely disturb program functionality, perhaps producing more trouble than it resolves?
  • Is the threat stable, or is it evolving (or likely to evolve) day by day?

 

This was last updated in March 2013

Continue Reading About out-of-band patch

SearchCompliance

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

  • enterprise document management (EDM)

    Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • spam trap

    A spam trap is an email address that is used to identify and monitor spam email.

  • honeypot (computing)

    A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts ...

  • cracker

    A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in ...

SearchHealthIT

SearchDisasterRecovery

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage

  • cloud testing

    Cloud testing is the process of using the cloud computing resources of a third-party service provider to test software ...

  • storage virtualization

    Storage virtualization is the pooling of physical storage from multiple storage devices into what appears to be a single storage ...

  • erasure coding

    Erasure coding (EC) is a method of data protection in which data is broken into fragments, expanded and encoded with redundant ...

Close