Maintaining servers: Why updates must not wait


Recent vulnerabilities in cPanel and the Linux kernel have served as a stark reminder: unpatched servers aren’t just a theoretical risk. Whether you manage one VPS or a fleet of production machines, the question isn’t if but when your services will be affected.

What’s at stake — the recent CVEs

Over April and May this year, there have been some uncomfortable reminders of how fragile unpatched infrastructure can be. Critical vulnerabilities in cPanel such as CVE-2026-41940 exposed servers to privilege escalation attacks, potentiallty allowing access to user and system level accounts. The kind of access that lets an attacker do anything: exfiltrate data, install backdoors, or weaponise your server against others.

Around the same time, the Linux kernel reported vulnerabilities like CopyFail/CVE-2026-31431 which opened the door to local privilege escalation, meaning any access to a low-privilege account could quickly become a full system takeover.

What makes these vulnerabilities particularly sobering is the speed at which proof-of-concept exploits appear after public disclosure. Security researchers and threat actors alike watch the CVE feeds closely. Sometimes working exploits appear within 24 hours of a patch being released, often before administrators have even read the advisory.

Shared hosting environments can be especially attractive targets, given the concetration of services involved.

Critical fixes do usually require someone to act — and in many organisations, that’s where things stall. The good news is that both vulnerabilities mentioned above had patches available quickly. And your team at RimuHosting has been in an excelent good position to protect and fix affected systems.

The case for manual, disciplined patching

For production environments, a blanket “auto-update everything” policy isn’t without risk. An update can occasionally conflict with custom libraries modules; a cPanel major version bump can shift configuration defaults in ways that catch administrators off guard. Subscribing to relevant vendor security advisories, maintaining a clear patching schedule, and validating changes in a staging environment first, these are all ways to give you control and an audit trail. It’s slower, but for complex or heavily customised stacks, that caution often results in improved availability of your services.

This is where working with RimuHosting can change the equation significantly. As a hosting company, we monitor upstream advisories on your behalf. When a critical issue drops, we’re already assessing impact and scheduling patches — often before most customers are aware. For VM customers in particular, this means you get the discipline of a structured patching process without needing to build and maintain that capability in-house. We can also coordinate maintenance windows that suit your business, minimising disruption while keeping your exposure window as short as possible.

Automatic updates are important

For most teams, the real enemy isn’t a bad patch — it’s human delay. Tickets get deprioritised, patching windows get pushed back, and suddenly a known vulnerability has been sitting unaddressed to too long. Automatic security updates can handle the low-risk, high-frequency stuff — ssl, glibc, ssh to name a few packages — without waiting for someone to find time. On modern Debian and Ubuntu installs, unattended-upgrades makes this straightforward to configure; on RHEL, AlmaLinux, or Rocky, dnf-automatic covers the same ground. cPanel’s built-in auto-update tiers (RELEASE, STABLE, EDGE) let you dial in your risk tolerance, keeping you current without chasing the bleeding edge.

The impact of delays can hit small teams hardest. A solo sysadmin or a two-person ops team simply can’t maintain the same vigilance as a dedicated security function, and attackers know it. Automation bridges that gap, acting as a force multiplier that keeps security hygiene consistent even when everyone is heads-down on other work. It’s also worth noting that both cPanel and the major Linux distributions have invested heavily in making their automatic update tooling reliable and conservative by default — security-only channels are designed specifically to minimise the risk of a disruptive change slipping through.

Don’t forget the supporting layers

Updates alone aren’t enough. There are plenty of complementary practices such as documentation, backups, detection, and log monitoring to name just a few. Often this is built up as your service grows, but there is something to be said for keeping things simple. RimuHosting staff can advise on best practices, including features that we build into all our server deployments so you have less to worry about.

The cPanel and Linux kernel vulnerabilities of recent months aren’t anomalies. Software is growing increasingly complex, despite the long standing Unix/Linux philosophy of building smaller dedicated tools for specific jobs. Attackers use automation and tools too. The only sustainable response is a security culture that stays ahead of threats. Whether you automate, schedule, or both, the worst strategy will always be is the one that leaves patches sitting unapplied.

If you need help understanding your exsiting services, or deploying modern systems, ask our team at Rimuhosting to help.

,

Leave a Reply