If I had to give you one, and only one, piece of advice regarding patch management, it would be that you must understand exactly what your patch management tool is and is not patching.
For example, Microsoft's System Update Service (SUS) is a popular, free patch management tool designed to keep Microsoft products up to date. Since SUS is provided by Microsoft, it goes without saying that it only updates Microsoft products. What you may not realize, though, is that SUS does not update all Microsoft products. In fact, SUS 1.0 will only keep Windows 2000 Server, XP Professional and Server 2003 up to date. It completely neglects other Microsoft products, such as Microsoft Office or Exchange Server.
This does not mean there are no updates for Microsoft Office or Exchange Server. Microsoft frequently updates these products just as the Windows operating system is frequently updated. My point is that you need to understand exactly what your patch management software is and is not updating.
Note: The next version of SUS, called the Windows Server Update Service (WSUS), will be available later this year and will update most Microsoft products.
Patch management must-dos
Step 1: Do understand what is being patched
Step 2: Do review patches every day
Step 3: Do make sure patches are actually being applied
Step 4: Do it yourself when necessary
Resource kit: Tips for testing, deploying and fixing patches
|ABOUT THE AUTHOR:|
Brien M. Posey, MCSE, MVP|
Brien M. Posey is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.
Copyright 2005 TechTarget
This was first published in May 2005