M0951 Update Software
Perform regular software updates to mitigate exploitation risk. Software updates may need to be scheduled around operational downtime.
Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| ics | T0817 | Drive-by Compromise | Ensure all browsers and plugins are kept updated to help prevent the exploit phase of this technique. Use modern browsers with security features enabled. |
| ics | T0819 | Exploit Public-Facing Application | Regularly scan externally facing systems for vulnerabilities and establish procedures to rapidly patch systems when critical vulnerabilities are discovered through scanning and public disclosure. |
| ics | T0820 | Exploitation for Evasion | Update software regularly by employing patch management for internal enterprise endpoints and servers. |
| ics | T0890 | Exploitation for Privilege Escalation | Update software regularly by employing patch management for internal enterprise endpoints and servers. |
| ics | T0866 | Exploitation of Remote Services | Update software regularly by employing patch management for internal enterprise endpoints and servers. |
| ics | T0862 | Supply Chain Compromise | A patch management process should be implemented to check unused dependencies, unmaintained and/or previously vulnerable dependencies, unnecessary features, components, files, and documentation. |
| ics | T0857 | System Firmware | Patch the BIOS and EFI as necessary. |
| ics | T0864 | Transient Cyber Asset | Update software on control network assets when possible. If feasible, use modern operating systems and software to reduce exposure to known vulnerabilities. |