Common Vulnerabilities and Exposures (CVEs)
Common Vulnerabilities and Exposures (CVEs)
A CVE is a known, documented exploit in firmware, Operating System or Application software that allows the circumvention of security measures in place on a given device, usually by obtaining administrative privileges in the process of exploiting the known vulnerability. CVEs are patched with firmware updates and security patches on a monthly, weekly and sometimes even daily basis.
We monitor for CVEs on the endpoints that our endpoint manager is installed on. Many Windows 10 systems are still running old builds of Windows 10. There is a major feature update released about every six months and build 20H2, the latest update, patches a whole Christmas list of these CVEs. If our Endpoint Manager is installed on your device and you are running something older than build 20H2, we have already been alerted to the CVEs present on your device.
Even if you are not on a monthly support plan with us, we still get these alerts so long as our endpoint manager is on your device, so we might be reaching out to you soon to see what you want to do about it. If you are on a monthly support plan with us, you are already well aware of how frequently we push out updates to your device.
It’s the number one complaint we get from end users. “I just did an update last week”. Well, yeah, and there are new critical updates out this week too that also need to be installed. It’s important to keep your endpoints running with the latest OS security patches and firmware updates. Our Client Security agent helps to protect your endpoint from 100% of unknown processes but security patches are another very important layer of protection. We also monitor and automatically deploy many supported third party application patches if you are on a monthly plan with us.
If you’re not on a monthly support plan with us though, even though you might have our Endpoint Manager installed on your device, your device is likely at the whim of whenever Windows Update deploys those patches, if it deploys them at all. We see a lot of endpoints where Windows update simply isn’t doing its job for one reason or another, which is why we don’t rely on Windows update to verify that a system is being kept up to date. There’s also the fact that Windows 10 Features updates are different from regular patches and requires you opting into receiving the update either through Windows Update in Windows Settings with each new feature update or when the need to upgrade is so severe that Microsoft finally pops up a notification pleading with you to update to the next supported feature update for your build of Windows 10.
