Traditionally IT departments have postponed installing patches to test first, and see if any problems arise. However, in the light of the recent Equifax breach is this a wise course to continue to take?
The Equifax breach was caused by a vulnerability called Apache Struts. We began to see attacks from this within a couple of weeks, so clearly delaying this patch would cause vulnerabilities.
The risk of not patching far out ways the risk from the patch causing problems. If you don't have the capability to test patches, then ensure that you have a plan in place to roll back any server to the pre-patched state should you encounter any issues, which will allow you to troubleshoot.
Patch as soon as possible - and don't delay!
