Verizon: 90 percent of successful exploits involve vulnerabilities for which a patch has been available for six months or longer. The bad guys know a lot of companies are slow to patch, so they continue to cook up exploits for older vulnerabilities. The problem isn’t necessarily one of laziness; one of the problems is hidden machines. The first step in patch management is inventory management, then to have a process to install and manage patches, backed by the appropriate software. Theres no shortage of software tools that can do the job, says security expert.”]
Source: https://www.csoonline.com/article/2123188/does-patch-management-need-patching-.html