Dr. Tom Shinder’s Blog

Ten Principles of Microsoft Patch Management

All operating systems need to be updated. It’s the nature of Man that no perfect software can be created. That’s a fact that will never change. However, the difference between a good and responsible software company, and one that throws its product against the wall and sees if it sticks, is the level of diligence that company exercises in discovering issues with its software and correcting those issues over time. In this area, Microsoft is clearly the thought and action leader, especially when it comes to security updates.

On first blush, it might seem that patch management is a “no-brainer”. You just set up a WSUS server on your network and approve everything that comes down over the wire. The problem is that after the blush fades, the complexity of patch management becomes clearer. You have to think about how patches should be deployed in your environment with your unique requirements.

To help you organize your thoughts around a coherent patch management plan, Microsoft has come up with 10 principles of patch management:

  1. Service packs should form the foundation of your patch management strategy
  2. Make Product Support Lifecycle a key element in your strategy
  3. Perform risk assessment using the Severity Rating System as a starting point
  4. Use mitigating factors to determine applicability and priority
  5. Only use workarounds in conjunction with deployment
  6. Issues with Security Updates are documented in the Security Bulletin Master Knowledge Base Article
  7. Test updates before deployment
  8. Contact Microsoft Product Support Services if you encounter problems in testing or deployment
  9. Use only methods and information recommended for detection and deployment
  10. The Security Bulletin is always authoritative

Microsoft takes patch management seriously. Unlike other software and hardware vendors who take security for granted because they haven’t suffered the high-profile security issues that Microsoft has in the last decade and a half, Microsoft makes a significant investment in time, money and manpower to make sure its software is as secure as possible out of the box, and during the entire lifecycle of that software. The Microsoft patch management system is just a piece of the overall solution, but a critically important one.

For more information on these 10 principles, check out the article by Christopher Budd, Ten Principles of Microsoft Patch Management, at http://technet.microsoft.com/en-us/library/cc512589.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
