I. Background of Patch Management

A software patch is an additional piece of program code or an executable designed to fix problems with, or update, a computer program or its supporting data. This includes fixing security vulnerabilities / bugs and improving the usability / performance of the patched objects.

Patch management is a strategic and planned process to determine what patches should be applied to which systems at a specified time.

Software vendors or programmers typically publish and apply patches using four different approaches:

  1. Binary Executable Patch

    Patches for proprietary software can be published as binary executables because the source code is withheld by the vendors. Patches of this type are usually packaged as executable files (e.g. EXE files on the Windows platform, BIN files on the Unix platform), which modify or replace the specified files of the software programs when users execute the patches.

    Binary executable patches are usually applied via the following approaches:

    • Manual download of patch packages that include an executable component to add, modify or delete relevant program code and other data, such as sounds, graphics and videos, in the software programs; and

    • An embedded update function of the software program, which automatically downloads patch packages from the web servers designated by the vendors. The update function can be triggered by users or according to a pre-defined schedule.

    As a typical example, the Windows operating system provides both manual download and an automated update function to its customers. Users can individually download specified patch files from Microsoft's website and apply them to their Windows systems. Or they can simply schedule the "Windows Update" function to identify, download and install various patches on a regular basis.
