A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Patch

A modification to a software program or an operating system that is issued by the manufacturer

A patch is a modification to a software program or an operating system that is issued by the manufacturer. Patches are "applied" on top of the existing software. This means that the user does not have to uninstall the software; he or she just downloads and runs the patch file, which automatically changes the software code and updates the software. This is how patches differ from new versions of software. With new versions, it may sometimes be necessary to uninstall the old version before installing the new one.

In their most general form, patches are used to address any security holes that may be present in the software. If any security issues are found in the software that could be used by malicious individuals to gain access to the user's system, the software manufacturer will fix the security bug and release the patch.

Patches are also provided to fix other bugs that may be present in the software. Oftentimes, this makes no change to the user interface, and so the user sees no apparent change in the software. With these kinds of patches, all the updates are done "under the hood."

Another kind of patch is for feature addition. When a software manufacturer wants to add more features to a product but feels the additions do not warrant a new version release, or when customers will not be willing to pay for a newer version, the manufacturer may release these features in the form of a patch. These patches are called "upgrades."

The last kind of patch is for compatibility issues. Software packages are built to run on a specific operating system. If a user upgrades their operating system, e.g., from MS Windows XP to MS Windows Vista, the software may not run correctly. In this case, the software manufacturer provides a patch that modifies the software to run correctly on the new operating system. However, such patches will only work within a particular family of operating systems like MS Windows, and then only when upgrading to a newer operating system. Patches will not work if the user switches from Windows to some version of Linux, for example; in this case, the user will need to install a version of the software tailored for Linux.

Microsoft Windows Update downloads and installs patches for the Windows operating system and other Microsoft packages. The Windows Service Packs are actually large patches for various components bundled together. Some security fixes are very important and need to be applied in order to prevent the system from being compromised. Users cannot always be relied upon to install patches in time, so Windows Update has features to automatically:

  • Download and install the updates;
  • Download the updates and then remind the user to install them; or
  • Download the updates and allow the user the choice of which updates to install.

Users can choose the setting they prefer and thus update their computer.

Example of Windows Update running

Image source: Microsoft 

It is important to realize that patches are not 100 percent secure. While patches are often used for resolving old bugs or fixing security issues, they may introduce their own bugs. If this is the case, the manufacturer could "roll back" the patch and issue a new one.

Most applications have built-in options or menus to either automatically update or remind the user of patches that may be available.
