Patches update software programs and could help protect systems running those programs from attacks. A patch can be an upgrade (adding features), computer bug fix, new hardware driver installation or an update to address new issues, such as security or stability problems.

If patches are not installed regularly, the network and computers have an increased risk of vulnerability to viruses and other problems because known problems with software are not corrected. Because attackers are aware of these potential weaknesses, they can look for and exploit unpatched software.

Additionally, when vendors stop supporting certain software versions, they may stop providing technical support or bug and security fixes (patches) for those versions. Without ongoing updates, security weaknesses and bugs in the software can be exploited by attackers in a wide range of ways.

Many unsupported and outdated software programs have vulnerabilities that were previously discovered and are well known by attackers. Code to exploit some of those vulnerabilities is freely available on the Internet and could allow attackers to gain unauthorized access and inappropriately modify or steal data residing on vulnerable computers.

The Information Technology Governance LGMG can be downloaded at https://www.osc.ny.gov/files/local-government/publications/pdf/information-technology-governance.pdf