When a company issues a patch to fix security issues the bad guys start salivating. They know that in many cases they now have the opportunity to take advantages of vulnerabilities that the previously did not know about.
Hackers can easily reverse engineer patches.
When a patch is released a hacker will first review the published issues that the newly released patch intends to fix. Many times the hacker can read the publisher’s write up and get a good handle of the severity of the vulnerabilities that are being patched. If the patch details lead one to believe that the fix is urgent due to a high risk vulnerability there is motivation for the bad guy to reverse engineer the patch with the goal of identifying the exact issue.
Next, the hacker will create an exploit for the identified vulnerability.
The bad guy now knows the exact details of what the patch fixed. The hacker will now have the ability to determine the steps needed to exploit the vulnerability. Hackers often just find an unpatched system and start working. Others will spin up virtual machines and test in their own lab environment to perfect the process before taking it to the wild.
Hackers now can identify unpatched systems and begin their attack.
Everyone, including the bad guys know that patch management is lacking in many organizations. The hackers take advantage of this to exploit as many systems as they can. As time goes by companies eventually get caught up on their patches and close the loophole. But by this time it may be too late. The organizations who don’t patch in a timely basis may already have experience a serious breach or worse.
In summary, many hackers watch for patches to be released. They then do their magic by figuring out what the patch fixed and take advantage of the many companies who are not on top of their game when it comes to security and patch management.
The moral of the story?
When a patch is pushed out make sure that you test, understand, and implement the patch quickly.