Perform regular software updates to mitigate exploitation risk. Software updates may need to be scheduled around operational downtime.

Domain | ID | Name | Use
---|---|---|---
ICS | T0817 | Drive-by Compromise | Ensure all browsers and plugins are kept updated to help prevent the exploit phase of this technique. Use modern browsers with security features enabled.
ICS | T0819 | Exploit Public-Facing Application | Regularly scan externally facing systems for vulnerabilities and establish procedures to rapidly patch systems when critical vulnerabilities are discovered through scanning and public disclosure.
ICS | T0820 | Exploitation for Evasion | Update software regularly by employing patch management for internal enterprise endpoints and servers.
ICS | T0890 | Exploitation for Privilege Escalation | Update software regularly by employing patch management for internal enterprise endpoints and servers.
ICS | T0866 | Exploitation of Remote Services | Update software regularly by employing patch management for internal enterprise endpoints and servers.
ICS | T0862 | Supply Chain Compromise | A patch management process should be implemented to check unused dependencies, unmaintained and/or previously vulnerable dependencies, unnecessary features, components, files, and documentation.
ICS | T0857 | System Firmware | Patch the BIOS and EFI as necessary.
ICS | T0864 | Transient Cyber Asset | Update software on control network assets when possible. If feasible, use modern operating systems and software to reduce exposure to known vulnerabilities.