This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.
Jump to navigation Jump to search
|NIST SP 800-53 Rev. 4||SI-2|
|IEC 62443-4-2:2019||CR 3.10|
Perform regular software updates to mitigate exploitation risk. Software updates may need to be scheduled around operational down times.
Techniques Addressed by Mitigation
|Drive-by Compromise||Ensure all browsers and plugins are kept updated to help prevent the exploit phase of this technique. Use modern browsers with security features enabled.|
|Exploit Public-Facing Application||Regularly scan externally facing systems for vulnerabilities and establish procedures to rapidly patch systems when critical vulnerabilities are discovered through scanning and public disclosure.|
|Exploitation for Evasion||Update software regularly by employing patch management for internal enterprise endpoints and servers.|
|Exploitation for Privilege Escalation||Update software regularly by employing patch management for internal enterprise endpoints and servers.|
|Exploitation of Remote Services||Update software regularly by employing patch management for internal enterprise endpoints and servers.|
|Supply Chain Compromise||A patch management process should be implemented to check unused dependencies, unmaintained and/or previously vulnerable dependencies, unnecessary features, components, files, and documentation.|
|System Firmware||Patch the BIOS and EFI as necessary.|
|Transient Cyber Asset||Update software on control network assets when possible. If feasible, use modern operating systems and software to reduce exposure to known vulnerabilities.|