What is a security patch and why should patches be applied promptly?

A security patch is a software update that fixes a known vulnerability. When a vulnerability is disclosed (especially with a public exploit), attackers immediately begin scanning for unpatched systems — the window between disclosure and active exploitation is measured in hours. The WannaCry ransomware (2017) exploited a Windows SMB vulnerability (MS17-010) for which a patch had been available for two months — organizations that hadn't patched were compromised. Patch management process: (1) Inventory all software and versions. (2) Monitor CVE feeds and vendor advisories. (3) Test patches in staging environments. (4) Deploy promptly (critical patches within 24-72 hours; high within 1-2 weeks). (5) Verify deployment. Automated patch management tools (WSUS, Ansible, Qualys) help at scale. Unpatched systems are one of the most common attack entry points.