A systems administrator manages several public-facing web servers running a critical e-commerce application. The application vendor releases an urgent security bulletin detailing a remote code execution (RCE) vulnerability that is being actively exploited in the wild. The vendor has also made a patch available for download. Which of the following is the MOST appropriate action for the administrator to take to harden the application?
Test the patch in an isolated environment that mirrors production, then deploy it to the live servers.
Disable all non-essential services on the web servers to reduce the overall attack surface.
Immediately block all traffic to the application by reconfiguring the host-based firewall.
Deploy a new signature to the Host-based Intrusion Detection System (HIDS) to alert on exploitation attempts.
The correct action is to test the patch in a non-production environment and then deploy it. Applying a patch is the definitive way to remediate a known software vulnerability. However, deploying a patch directly to a production environment without testing can introduce new, unforeseen problems that could cause a service outage. The best practice is to test the patch in a staging or development environment that closely resembles the production setup to ensure it does not negatively impact system stability or functionality before rolling it out.
Blocking traffic with a firewall would take the critical e-commerce application offline, causing a significant business impact. While it could be a temporary emergency measure, it does not fix the underlying vulnerability.
Disabling non-essential services is a general server hardening best practice, but it does not address the specific, critical vulnerability announced for the running e-commerce application.
Using a HIDS to detect attacks is a detective control, not a preventive one: a new signature can alert on exploitation attempts, but it does not stop them. While useful for monitoring, the primary goal should be to eliminate the vulnerability itself, which is accomplished by patching.