Mondoo

A Complete Guide to Easy Windows Patch Management

Patch management involves distributing and applying updates to software, essential for security, compliance, and system uptime. Mondoo provides solutions to identify missing patches and facilitate their deployment across various systems, ensuring a robust security posture and smooth operation.

Patrick Münch

What is patch management?

Patch management is the process of distributing and applying updates to software, such as operating systems (OS), platforms, and applications. It involves identifying outdated software within your infrastructure, applying patches to that software, and validating that those patches were installed. These patches are often necessary to fix errors in the software, commonly referred to as vulnerabilities or bugs.

Why is patch management important?

Patch management is important for three main reasons:

  • Security: Patch management fixes vulnerabilities in your software (OS, platform, application) that are susceptible to exploitation. It helps your organization to reduce the risk of cyberattacks.
  • Compliance: Organizations are often required by regulators to follow strict guidelines because of the constant increase in cyberattacks. Patch management is a necessary part of complying with certain standards, such as PCI DSS, HIPAA, SOC 2, ISO 27001, or BSI.
  • System uptime: Patch management ensures your software is kept up-to-date and running smoothly without errors causing system downtime.

Finding missing patches with Mondoo

As a part of its full-stack security solution, Mondoo identifies which important patches are missing from your systems. For this blog post, I set up some vagrant Windows machines with out-of-date operating systems. I'll use them to walk through the different ways that Mondoo shows you the patches you need.

Prerequisite: Please create a free account on console.mondoo.com.

Mondoo offers different options for scanning a Windows vagrant system:

Option 1: Install Mondoo Client on the Windows system

Option 2: Use vagrant transporter

Option 3: Use SSH transporter

Option 1: Find missing patches with Mondoo

  1. Login to the vagrant Windows 2016 system via Remote Desktop Protocol (RDP):
Bash
xfreerdp /u:vagrant /v:192.168.56.252:3389 /h:2048 /w:2048 /p:'vagrant'

Open a Windows PowerShell as an administrator:

[Image: Windows PowerShell opened as administrator]

  2. Install Mondoo Client:

A. Log into your account at console.mondoo.com


B. Go to the Integrations tab and select Windows


C. Set the PowerShell execution policy

Powershell
Set-ExecutionPolicy RemoteSigned -scope CurrentUser

D. Copy the CLI commands that Mondoo provides and paste them in the Windows 2016 PowerShell.


E. After the Mondoo Client installation finishes, add the Mondoo installation directory to the PowerShell path and run mondoo status to verify that Mondoo Client is registered and working. It should look like this:

Powershell
$env:Path = 'C:\Program Files\Mondoo\;' + $env:Path
mondoo status

After a Windows restart, the installation path is automatically added to the PowerShell path variable.

F. Quickly verify that the following policies are enabled for your space:

  • Platform End-of-Life Policy by Mondoo
  • Platform Vulnerability Policy by Mondoo

Your Policy Hub should look like this:

[Image: Mondoo Policy Hub with both policies enabled]

  3. Run the Mondoo scan in PowerShell:
Powershell
mondoo scan local

Mondoo Client connects to the Mondoo backend and downloads the enabled policies. After the scan, Mondoo Client reports results back to the Mondoo backend.

Click the report URL to open the Mondoo Space overview page, which shows the Windows 2016 asset and the top vulnerabilities within the Mondoo Space.

[Image: Mondoo Space overview]

  4. Select Fleet and then select the Windows asset to see the Mondoo asset overview page for the Windows 2016 system.

[Image: Mondoo asset overview for the Windows 2016 system]

In the system overview, the Mondoo Dashboard highlights that the Windows 2016 operating system is close to its end-of-life date. A Windows Security Baseline is also enabled by default. Select Platform Vulnerabilities to see the advisories and CVEs that affect this system. Mondoo shows:

  • Which KB you must install to fix the vulnerability
  • How critical the vulnerability is
  • An overview of the advisories and CVEs
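Once Mondoo has told you which KBs a system needs, you will usually want to confirm on the host that they actually landed before re-scanning. The following PowerShell function is an added example, not Mondoo's code or part of the original post; it compares a list of KB numbers (a constructed placeholder list below, to be replaced with the ones from your asset's Platform Vulnerabilities page) against the hotfixes Windows reports as installed.

```powershell
# Added example (not part of Mondoo's product or this post's original code).
# Checks which of the KBs that Mondoo's Platform Vulnerability report lists are
# already installed on this host, so you can confirm a patch landed before
# running 'mondoo scan local' again.

function Get-KBInstallStatus {
    param(
        # KB identifiers required by the Mondoo advisories, e.g. 'KB5012345'.
        [Parameter(Mandatory)]
        [string[]]$RequiredKB
    )

    # Get-HotFix reads Win32_QuickFixEngineering, which lists installed
    # security updates and hotfixes. Caveat: some feature updates are not
    # reported there, so treat a "missing" result as a prompt to check
    # Windows Update history, not as proof the patch is absent.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

    foreach ($kb in $RequiredKB) {
        # Normalise '5012345' or 'kb5012345' to 'KB5012345' (-replace is
        # case-insensitive in PowerShell by default).
        $id = 'KB' + ($kb -replace '^kb', '')
        [pscustomobject]@{
            KB        = $id
            Installed = ($installed -contains $id)
        }
    }
}

# Constructed placeholder list; copy the real KB numbers from the Mondoo report.
$required = @('KB0000001', 'KB0000002')

$status  = Get-KBInstallStatus -RequiredKB $required
$missing = $status | Where-Object { -not $_.Installed }

$status | Format-Table -AutoSize

if ($missing) {
    Write-Warning ("Still missing: " + ($missing.KB -join ', ') +
        ". Install them, reboot, then run 'mondoo scan local' again.")
} else {
    Write-Host "All required KBs are installed; run 'mondoo scan local' to confirm in Mondoo."
}
```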

[Image: Platform Vulnerabilities view listing advisories, CVEs, and required KBs]

Option 2: Scan a Windows vagrant machine via vagrant transporter

  1. Install and register Mondoo Client on your host system running the vagrant Windows 2016 system.

  2. Run the following command:

Bash
mondoo scan vagrant win2016

Option 3: Scan a Windows system remotely via ssh transporter

  1. Install and register Mondoo Client on your host system running the vagrant Windows 2016 system.

  2. Run the following command:

Bash
mondoo scan ssh vagrant@192.168.56.252 -p 'vagrant'

Scan other operating systems

You can also scan the Windows 2019/2022 and Windows 10/11 systems I set up for this article. Use the installed Mondoo Client, ssh transporter, or vagrant transporter.

Scan via vagrant transporter:

Bash
mondoo scan vagrant win2016
mondoo scan vagrant win10
mondoo scan vagrant win2019
mondoo scan vagrant win2022

Scan via ssh transporter:

Bash
mondoo scan ssh vagrant@192.168.56.252 -p 'vagrant'
mondoo scan ssh vagrant@192.168.56.249 -p 'vagrant'
mondoo scan ssh vagrant@192.168.56.230 -p 'vagrant'
mondoo scan ssh vagrant@192.168.56.236 -p 'vagrant'


Don't limit yourself to scanning the machines I set up for this exercise! You can follow the same steps to scan your own infrastructure.

Mondoo's full-stack security solution identifies vulnerabilities and provides steps to fix the problems. Keep scanning and discover how you can harden your systems. If you have questions, we'd love to help.

About the Author

Patrick Münch


Co-Founder & CISO

Chief Information Security Officer (CISO) at Mondoo, Patrick is highly skilled at protecting and hacking every system he gets his hands on. He built a successful penetration testing and incident response team at SVA GmbH, whose goal was to increase the security level of companies and limit the impact of ransomware attacks. Now, as part of the Mondoo team, Patrick can help protect far more organizations from cybersecurity threats.
