Easy2Patch
  • Easy2Patch Blog
  • Weekly Statistics for 2025
  • Supported Products
  • Silent Install Parameters
  • Domain List
  • Article Page
    • Weekly Statistics for 2024
  • Catalog Posts - 2025
    • May 3 Catalog Update #20250503 - Easy2Patch
    • April 26 Catalog Update #20250426 - Easy2Patch
    • April 19 Catalog Update #20250419 - Easy2Patch
    • April 12 Catalog Update #20250412 - Easy2Patch
    • April 5 Catalog Update #20250405 - Easy2Patch
    • March 29 Catalog Update #20250329 - Easy2Patch
    • March 22 Catalog Update #20250323 - Easy2Patch
    • March 15 Catalog Update #20250315 - Easy2Patch
    • March 8 Catalog Update #20250308 - Easy2Patch
    • New Products on Easy2Patch Catalog #20250308
    • March 1 Catalog Update #20250301 - Easy2Patch
    • February 22 Catalog Update #20250222 - Easy2Patch
    • February 15 Catalog Update #20250215 - Easy2Patch
    • February 8 Catalog Update #20250208 - Easy2Patch
    • February 1 Catalog Update #20250201 - Easy2Patch
    • January 25 Catalog Update #20250125 - Easy2Patch
    • January 18 Catalog Update #20250118 - Easy2Patch
    • January 11 Catalog Update #20250111 - Easy2Patch
    • January 4 Catalog Update #20250104 - Easy2Patch
  • Catalog Posts - 2024
    • December 28 Catalog Update #20241228 - Easy2Patch
    • December 21 Catalog Update #20241221 - Easy2Patch
    • December 14 Catalog Update #20241214 - Easy2Patch
    • December 7 Catalog Update #20241207 - Easy2Patch
    • November 30 Catalog Update #20241123 - Easy2Patch
    • November 23 Catalog Update #20241123 - Easy2Patch
    • November 16 Catalog Update #20241116 - Easy2Patch
    • November 9 Catalog Update #20241109 - Easy2Patch
    • November 2 Catalog Update #20241102 - Easy2Patch
    • October 26 Catalog Update #20241026 - Easy2Patch
    • October 19 Catalog Update #20241019 - Easy2Patch
    • October 12 Catalog Update #20241012 - Easy2Patch
    • October 5 Catalog Update #20241005 - Easy2Patch
    • September 28 Catalog Update #20240928 - Easy2Patch
    • September 21 Catalog Update #20240921 - Easy2Patch
    • September 14 Catalog Update #20240914 - Easy2Patch
    • September 7 Catalog Update #20240907 - Easy2Patch
    • August 31 Catalog Update #20240831 - Easy2Patch
    • August 24 Catalog Update #20240824 - Easy2Patch
    • August 17 Catalog Update #20240817 - Easy2Patch
    • August 10 Catalog Update #20240810 - Easy2Patch
    • August 3 Catalog Update #20240803 - Easy2Patch
    • July 27 Catalog Update #20240727 - Easy2Patch
    • July 20 Catalog Update #20240720 - Easy2Patch
    • July 13 Catalog Update #20240713 - Easy2Patch
    • July 6 Catalog Update #20240706 - Easy2Patch
    • June 29 Catalog Update #20240629 - Easy2Patch
    • June 22 Catalog Update #20240622 - Easy2Patch
    • June 15 Catalog Update #20240615 - Easy2Patch
    • June 8 Catalog Update #20240608 - Easy2Patch
    • June 1 Catalog Update #20240601 - Easy2Patch
    • May 25 Catalog Update #20240525 - Easy2Patch
    • May 18 Catalog Update #20240518 - Easy2Patch
    • May 11 Catalog Update #20240511 - Easy2Patch
    • May 4 Catalog Update #20240504 - Easy2Patch
    • April 27 Catalog Update #20240427 - Easy2Patch
    • April 20 Catalog Update #20240420 - Easy2Patch
    • April 13 Catalog Update #20240413 - Easy2Patch
    • April 6 Catalog Update #20240407 - Easy2Patch
    • March 30 Catalog Update #20240330 - Easy2Patch
    • March 23 Catalog Update #20240323 - Easy2Patch
    • March 16 Catalog Update #20240316 - Easy2Patch
    • March 9 Catalog Update #20240309 - Easy2Patch
    • March 2 Catalog Update #20240302 - Easy2Patch
    • February 24 Catalog Update #20240224 - Easy2Patch
    • February 17 Catalog Update #20240217 - Easy2Patch
    • February 10 Catalog Update #20240210 - Easy2Patch
    • February 3 Catalog Update #20240203 - Easy2Patch
    • January 27 Catalog Update #20240127 - Easy2Patch
    • January 20 Catalog Update #20240120 - Easy2Patch
    • January 13 Catalog Update #20240113 - Easy2Patch
    • January 6 Catalog Update #20240106 - Easy2Patch
  • Catalog Posts
    • December 30 Catalog Update #20231230 - Easy2Patch
    • December 23 Catalog Update #20231223 - Easy2Patch
    • December 16 Catalog Update #20231216 - Easy2Patch
    • December 9 Catalog Update #20231209 - Easy2Patch
    • December 2 Catalog Update #20231202 - Easy2Patch
    • November 25 Catalog Update #20231125 - Easy2Patch
    • November 18 Catalog Update #20231118 - Easy2Patch
    • November 11 Catalog Update #20231111 - Easy2Patch
    • November 04 Catalog Update #20231104 - Easy2Patch
    • Easy2Patch October 28 Catalog Update #20231028
    • Easy2Patch October 21 Catalog Update #20231021
    • Easy2Patch October 14 Catalog Update #20231014
    • Easy2Patch October 07 Catalog Update #20231007
    • Easy2Patch September 30 Catalog Update #20230930
    • Easy2Patch September 23 Catalog Update #20230923
    • Easy2Patch September 16 Catalog Update #20230916
    • Easy2Patch September 9 Catalog Update #20230909
    • Easy2Patch September 2 Catalog Update #20230902
    • Easy2Patch August 26 Catalog Update #20230826
    • Easy2Patch August 19 Catalog Update #20230819
    • Easy2Patch August 12 Catalog Update #20230812
    • Easy2Patch August 05 Catalog Update #20230805
    • Easy2Patch July 29 Catalog Update #20230729
    • Easy2Patch July 22 Catalog Update #20230722
    • Easy2Patch July 15 Catalog Update #20230715
    • Easy2Patch July 8 Catalog Update #20230708
    • Easy2Patch July 1 Catalog Update #20230701
    • Easy2Patch June 24 Catalog Update #20230624
    • Easy2Patch June 17 Catalog Update #20230617
    • Easy2Patch June 10 Catalog Update #20230610
    • Easy2Patch June 03 Catalog Update #20230603
    • Easy2Patch May 27 Catalog Update #20230527
    • Easy2Patch May 20 Catalog Update #20230520
    • Easy2Patch May 13 Catalog Update #20230513
    • Easy2Patch May 6 Catalog Update #20230506
    • Easy2Patch April 29 Catalog Update #20230429
    • Easy2Patch April 22 Catalog Update #20230422
    • Easy2Patch April 15 Catalog Update #20230415
    • Easy2Patch April 8 Catalog Update #20230408
    • Easy2Patch April 1 Catalog Update #20230401
    • Easy2Patch March 25 Catalog Update #20230325
    • Easy2Patch March 18 Catalog Update #20230318
    • Easy2Patch February 11 Catalog Update #20230211
    • Easy2Patch March 4 Catalog Update #20230304
    • Easy2Patch February 25 Catalog Update #20230225
    • Easy2Patch February 18 Catalog Update #20230218
    • Easy2Patch February 11 Catalog Update #20230211
    • Easy2Patch February 4 Catalog Update #20230204
    • Easy2Patch January 28 Catalog Update #20230128
    • Easy2Patch January 21 Catalog Update #20230121
    • Easy2Patch January 14 Catalog Update #20230114
    • Easy2Patch January 7 Catalog Update #20230107
  • New Products
    • Apache Tomcat 11 Now Available in the Easy2Patch Catalog!
    • Software added to the E2P catalog in June (#202406)
    • Software added to the E2P catalog in April (#202404)
    • Software added to the E2P catalog in August (#202308)
    • Software added to the E2P catalog in July (#202307)
    • Software added to the E2P catalog in June (#202306)
    • Software added to the E2P catalog in May (#202305)
    • Software added to the E2P catalog in April (#202304)
    • Softwares added to the E2P catalog in March (#202303)
    • Applications added to the E2P catalog in February (#202302)
  • Articles
    • CVE-2025-20236: Critical RCE Vulnerability in Cisco Webex & How to Stay Safe
    • What’s New and Improved in Firefox 137.0?
    • What’s New in Chrome 135 and Why You Should Update Now
    • Git for Windows 2.48.1 is the final version of 32-bit
    • TreeSize Free Windows Server Deployment Issue
    • Google Chrome 131.0.6778.204/205 Update Released
    • Msiexec.exe: Understanding and Using the Installer Tool
    • Password Safe 3.66.0 (x64/x86) (MSI) Failed to Install Error 1683
    • GPL Ghostscript Silent Install Removed
    • What is Easy2Patch?
    • Scan Microsoft ConfigMgr for Supported Third-Party Products for Patching (Update statistics)
    • Easy2Patch 1.x End Of Life
    • Schema files not found!
    • WSUS Maintenance
    • Most effective way to up to date 3rd party software in IT environment
    • Creating App Registrations for Easy2Patch
    • How to Save Time and Labor via Easy2Patch?
    • Adding an in-house application to the Easy2Patch catalog
    • Ransomwares And Defense Strategies
    • CVE-2023-2033 Google Chrome Zero-Day Vulnerability
    • Importance of Updating 3rd Party Applications
    • Local Publishing Maximum Cab Size Setting
    • What should be considered to use 3rd Party software safely?
    • What is a 3rd Party Product?
Powered by GitBook
On this page
  • Right File from the Right Source
  • Testing
  • Manufacturer Selection
  • Financial Loss / Prestige Loss
  • 3rd Party update management with Easy2Patch
  1. Articles

What should be considered to use 3rd Party software safely?

Direnc Onen

PreviousLocal Publishing Maximum Cab Size SettingNextWhat is a 3rd Party Product?

Last updated 2 years ago

In our previous article, we briefly talked about 3rd Party software. Click the to read this article. In this article, we will try to explain the methods of using 3rd Party software safely and the do's and don'ts.

Some of the 3rd Party software is paid and can be downloaded from the manufacturer's page with a subscription after purchasing a certain license. However, most of the 3rd Party software is offered free of charge and can be downloaded from the manufacturer's web pages or obtained in different formats from different sources.

Right File from the Right Source

The sources from which the software is obtained, whether paid or not, are very important. Users can sometimes obtain 3rd party products from different download pages for different interface visuals presented in the software, sometimes different versions with added capabilities that are not in the original product, and sometimes differentiated setup files to be used in management tools such as SCCM that can install automatic software. One of the most common examples of this (now the manufacturer provides it!) is the Mozilla Firefox product. Since the msi package of this product has not been released for years, we have seen that the SCCM administrators distribute the Mozilla Firefox packages, which are provided as msi of unknown origin, in large corporate networks to take advantage of the blessings of distribution with MSI. Although this seems like a very innocent request, those who know the NotPetya attack in 2017 know that this distribution process did not lead to such optimistic results. Here, the attackers have infiltrated the systems by hiding behind the update of a very famous accounting software and caused billions of dollars of damage around the world. It should be ensured that the products are downloaded from the CORRECT SOURCE and the CORRECT FILE, and it should be confirmed that the file is NOT corrupted or changed during the download.

It is seen that some of the IT managers are not very selective when choosing the 3rd party software to be used in their IT structures, sometimes they distribute the software containing trojan and malware ad-aware to all computers in the network environment because it is very popular. Some of this software stays dormant until the attacker takes action and never shows itself. With the attacker's command, the systems on which this software is installed can be used as zombie computers, as well as infiltrating the IT structure and used to access computer/server systems with critical information.

Testing

Testing has a very important place in the updating processes of 3rd Party products. System and Cyber security administrators should test the software updates they use in their IT structures in a small test environment before distributing them to the general public. Even if it is downloaded from the right source, it must be tested and after the test results are positive, it should be disseminated in parts. After this stage, the updated systems should be followed up and it should be ensured that no negativity is observed.

Manufacturer Selection

Another important issue is the correct selection of the manufacturers of the software to be installed on computers in IT structures. Features such as support, update frequency, communication are important in the selection of manufacturers and software. Sometimes software that has plenty of vulnerabilities but is quickly closed may not be well looked after because it has too many vulnerabilities. However, issues such as who the manufacturer is and how quickly it responds to these deficits should be considered. As of the date of publication of this article, 100s of High, Medium and low vulnerabilities have been released by Google Chrome Web browsers in 2022, and 6 zero-day vulnerabilities have emerged in addition. However, despite so many vulnerabilities, the manufacturer's healthy communication and fast closing of the gaps enable Google Chrome to be used almost like a single browser, except for a few browsers (including Chromium-based browsers).

Financial Loss / Prestige Loss

Or both? There are 2 basic ideas that are wrong. First, cybersecurity does not contribute directly to revenue, and second, cybersecurity is a feature that can be easily added to the project later if needed. Cyber ​​security has long been considered as software such as Firewall, IPS, WAF, WAP. However, almost all of them are software that protects against external attacks. Software such as anti-virus and anti-malware have been effective against viruses with software containing harmful code. However, a coding error made by the manufacturer unknowingly in the native code of the software is an innocent code snippet that can only be used by attackers. If these vulnerabilities are not noticed by the manufacturer or the cyber security teams, or even if they are noticed and fixed, it is easy to become the target of cyber attacks. After these attacks, the service interruption and the loss of prestige against the customers in parallel with this, and the monetary loss will begin to occur depending on the work done by the company during each service interruption.

3rd Party update management with Easy2Patch

Easy2Patch is an important cyber security product that integrates with SCCM/WSUS and provides automatic and unattended updates to the software in its catalog. The products in the catalog are constantly monitored almost every day by automatic and manual methods. Published CVEs for updates are tracked and added to the Easy2Patch CVE database. Cybersecurity administrators can use this information to see a list of possible malicious vulnerabilities in their structures. With the rules on the SCCM/WSUS side, they can ensure that the distributions are sent sequentially in test and production environments. You can download Easy2Patch for free, easily integrate it into your structure and start using it. You can download the product from the Easy2Patch web page to try it for free. You can get information about the installation of the product from the help pages, and request a demo from sales@easy2patch.com.

link