Virtual Patching

Virtual patching (also called external patching or just-in-time patching) is a security technique where WAF rules are created to block exploitation of known vulnerabilities without changing the underlying application code. This provides immediate protection while development teams work on permanent code fixes.

Virtual patching is valuable when:

• A zero-day vulnerability is announced before a patch is available
• Legacy applications cannot be easily patched
• Testing and deployment of patches takes time
• Third-party components have unpatched vulnerabilities
• Emergency protection is needed immediately

Virtual patches work by:

• Blocking specific request patterns that exploit vulnerabilities
• Filtering malicious payloads before they reach the application
• Validating input against expected patterns

When the Log4Shell vulnerability was disclosed, WAF providers quickly released virtual patches that blocked exploit attempts containing the ${jndi:ldap:// pattern, protecting applications before software patches were available.