Cyber Vulnerabilities

INTRODUCTION

With cyber attacks on the rise, public and private organizations are faced with cybersecurity vulnerabilities. The SANS Institute revealed that “unpatched client-side software applications” are the highest-priority vulnerability for organizations globally. Coupled with unpatched client software, vulnerable “Internet-Exposed Websites” can compromise an organization's infrastructure. In this study I will address the issue of unpatched client software, the impact on an organization's infrastructure, and patch management as a vital mitigation solution. (http://www.sans.org)

BODY

VULNERABILITIES OF “UNPATCHED” CLIENT-SIDE SOFTWARE APPLICATIONS

Newly released software inevitably presents anomalies or “bugs”. Over time, software programmers will fix the problems they find with a patch. A patch is a piece of programming that “fixes” the technical problem in software applications. Most patches can be downloaded from the Internet via the manufacturer's website. They are also incorporated into updates and upgrades. Computer software programs will always have defects (“bugs”) that need to be continually patched (fixed) to ensure proper functioning.

A client workstation with unpatched software can facilitate the propagation of malicious software. Web browsers, office software, and email are the weapons used to exploit unpatched client-side vulnerabilities. Web browser plug-ins represent a double-edged sword when it comes to vulnerable unpatched client workstations and malicious attacks to gain access to an enterprise system. Plugins typically support client-side web scripting languages. They are basic elements in a web browser, used to view files and multimedia content. An unpatched and out-of-date plugin can potentially allow hackers to install malicious viruses on a...... paper medium ......