As the NCSC state, ‘[w]e all know it’s important to install security fixes quickly after they become available’. Patch management is part of their guidance on reducing cyber exposure for businesses, as well as being part of the Cyber Essentials certification criteria.
You may have never heard of ‘PHP’, but if you’re running any sort of web service or site chances are it runs on PHP—almost 80% of websites do. PHP forms the base of a number of popular CMSes such as WordPress, Magento and Laravel, but even if you aren’t using a PHP-based CMS you may still have it running on your server, accessible to the outside world.
The most up-to-date version of PHP is 7.2, but a handful of older versions continue to receive security updates for a number of years after their official retirement. Two such versions—5.6 and 7.0—are due to lose all support on December 31st and December 3rd, respectively. This means that any web service running these outdated versions—around 26% of sites for 5.6 and 9% for 7.0—will rapidly become insecure, which can in turn threaten the security and integrity of your business.
Make sure that you have checked your installed version numbers across any web-facing servers and updated PHP where necessary before the December deadline.