Call: 1300 422 542

Calibre 1 Essential 8 Series: Patch Applications

patch applications

Calibre 1 Essential 8 Series: Patch Applications

This blog is part of a series of blogs on the essential 8 and how you can implement each in a cost-effective way.


Previous Blogs in the Series

MultiFactor Authentication (MFA) Maturity 1
Patch Operating Systems
Restrict Administrative Privileges
User Application Hardening
Microsoft Office Macro Settings



Patching is so nice, it’s in the essential 8 twice!!  This time we’re in for a treat as we tackle applications on repeat.   This one line up with the previous blog Patch Operating Systems, however, addresses those application and productivity suites that lie on the operating system themselves.  These systems and applications often are a little more difficult to keep on top of than the operating system counter parts and the steps, and management of such systems is ever a challenge.    For the essential 8; applications are, office productivity suites (Microsoft Office), Web Browsers and their extensions, PDF Software, and security products, and then everything else*.  

*Everything else only matters at level 2+


Every (2) Day(s) I’m patch-(el)-ing, patch-(el)-ing

We maintain the same rapid 48-hour schedule for Known Exploited Vulnerabilities.  For Maturity 1, it’s only internet facing, at maturity 3, it’s all devices.  For the record, I agree with timeline, and believe that daily patching across the board lowers the risk of breach considerably.  However, your mileage may vary when weighed up against the balance of availability vs confidentiality & integrity – it’s a risk discussion, and I am happy to have the risk discussion with those to determine the best fit for your organisation.  The CISA has an RSS feed that you can subscribe to ensure you stay up to date, Calibre 1 also have our security team on top of this sort of thing, and are reviewing the KEV list as it updates and taking appropriate actions, so feel free to lean on our support team if that suits.  For Non-Internet facing devices, the patch cycle at each level is 1 month, 2 weeks and weekly.  For something that is going to be sorted by automation, I would look to set this up to be a daily task and have it automatically updated – in most instances, this is what happens.


I’m scanning and I know it!

A vulnerability scanner is deployed and in use on workstations – As discussed on the Patch Operating systems piece, Microsoft have created a fantastic offering that covers this niche in Microsoft Defender P2 – the best part is that it comes on the business premium offering of Microsoft 365, so in most instances this will just require rollout via the Microsoft Endpoint manager portal.  Those internet devices need to be scanned daily, and notification profiles can be set up for anything it finds.  At each level its simplest to set this up to scan weekly for all applications – However there is technically only a requirement for fortnightly for some applications.

Anything that’s end of life, end of support – replace it with something that’s getting active patching.



That’s really it for this one, we have 1 more to go to round out the Essential 8, but don’t wait!  Give us a call and let’s get started on bringing your ICT through the essential 8.  Not only do I appreciate talking to all you great people out there about security – but more importantly the Ukraine Russia conflict is something we’re all keenly aware of in the media, with petrol costs skyrocketing and projected to hit $2.50+ we are truly going to see small – medium businesses begin to suffer from ransomware attacks, and ultimately that kind of thing hurts the little guy more than it hurts everyone else.  Make sure you’re taking appropriate measures to address business continuity and give your layered cyber defence a boost by implementing the 8.  Give us a call – we’re here to help.

Share This Post
Subscribe To Our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

More To Explore

Find out what our team can do for your business.

Let us know how we can help

Contact Us
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.