Get a glimpse inside the e-book "The complete patch management book" by Anne Stanton, president of Norwich Group, and Susan Bradley, Microsoft Small Business Server MVP. This series of book excerpts will help you navigate Chapter 1, "What is patch management?," courtesy of Ecora. Click for the complete book excerpt series.
Finding out about patches
We next need to identify resources that help identify which patches an organization needs. Whether you patch manually or use patch management tools, ensure that your team or your Security officer is aware of the patches available for the products in your network. For most operating systems, this is rather easy to do, as all major vendors have e-mail or RSS notification. For Microsoft products, subscribe to get e-mail notifications.
Sample of a security bulletin
Another way to stay current is to sign up for RSS or "really simple syndication." Using a feed reader, you can receive these security bulletins quickly and easily. For more information about choosing and installing an RSS reader click here.
RSS feed of Microsoft security bulletins (Outlook 2003 using Newsgator)
Microsoft moved to a once a month patch schedule that has patches releases on the second Tuesday of the month between 10:00 a.m. and 11:00 a.m. However, there may be times that a patch will be released "out of band" if an active exploit is "in the wild." For the Red Hat Enterprise Linux platform, there is also many ways to obtain notifications directly from the vendor by subscribing to e-mail or RSS feed here.
RSS feed of Red Hat security bulletins (Outlook 2003 using Newsgator)
Software vendors often provide additional support resources. For some applications installed on your network, it may be more difficult to track down notification sources. Secunia.com, for example does provide security information for quite a few vendors at secunia.com/vendor/. For your "line of business" applications, you will need to contact the vendors regarding the manner in which they notify customers.
Footnote: For purposes of this document we use only Redhat's Enterprise Linux distribution in the examples, however all of the Linux distributions provide similar services.
Click for the next excerpt in this series: The road ahead
Click for book details or get more information from Ecora.
This was first published in December 2004