Ok, so you have gone through the all the Microsoft updates, kicked off a number of deployment jobs, done your testing and now you are probably moving your test rings into production. Job done. Phew

And then this happens: CVE-2023-2033

Today. This Monday.

The most serious zero-day to date that affect Google Chrome. El Reg (my favourite) has this to say about this latest publicly exploited vulnerability in Chrome:

“The vulnerability, tracked as CVE-2023-2033, can be exploited by a malicious webpage to run arbitrary code in the browser. Thus, surfing to a bad website with a vulnerable browser (e.g., Chrome) could lead to your device being hijacked. Exploit code for this hole is said to be circulating and may well be in use already by miscreants.”

All that good work last week, all that testing, planning effort and deployment/engineering to get those Microsoft updates out… so, that no-one gets hurt. And, then you have to respond to an emergency patch, to an application that literally is used by every member of your organization (on a daily basis).

Basically, you don’t have the time to test … especially over the weekend.

Enterprise application updates are hard – not because of the technology, but because of the compliance, audit, and process requirements of a large, heterogeneous environment (long form for complex and important to many).

Having gone through this process a number of times (over 25 years), my feeling (and instinct) is that the only answer is automated testing. Testing that actually delivers the differences (or Delta) between builds, applications, patches and updates. If you test 500 applications, you do not want 5000 issues to investigate…. 5 is too many but probably more appropriate.

That is why Readiness designed/built our X-check technology. To automatically test applications and updates across (at least) two different platforms/builds and then report on the exceptions. Only the exceptions. Show me the difference between to tests – I am interested in what has changed.

If you are interested in what has changed and how we rapidly and automatically test for patches and updates, download our datasheet on Automated Patch Testing

Greg Lambert