Patches, updates or other vendor mitigations for vulnerabilities in applications other than office productivity suites, web browsers and their extensions, email clients, PDF software, and security products are applied within one month of release.
Topic
When to patch vulnerabilities
Applicable to
all
History
Sep 2023
Patches, updates or other vendor mitigations for vulnerabilities in applications other than office productivity suites, web browsers and their extensions, email clients, PDF software, and security products are applied within one month of release.
References to ‘security vulnerabilities’ were replaced with ‘vulnerabilities’.
Jun 2023
Patches, updates or vendor mitigations for security vulnerabilities in applications other than office productivity suites, web browsers and their extensions, email clients, PDF software, and security products are applied within one month of release.
The existing control relating to ‘applying patches, updates or vendor mitigations for security vulnerabilities in other applications’ was amended to ‘applying patches, updates or vendor mitigations for security vulnerabilities in applications other than office productivity suites, web browsers and their extensions, email clients, PDF software, and security products’ to avoid confusion when the control is read in isolation.