office politics
It's all just 1s and 0s
- Messages
- 6,555
- Location
- in the lab
Security Management - May 2006
Ten Principles of Microsoft Patch Management
Published: May 4, 2006
By Christopher Budd, Security Program Manager, Microsoft Corporation
Patch management is a critical part of maintaining the security of your systems and network. The patch management system that you build and maintain is, among other things, the channel through which you deploy security updates from Microsoft and other vendors. Although patch management is sometimes viewed as a systems management discipline rather than a security discipline, its role in addressing vulnerabilities through the deployment of updates makes it a vital component in an organizationÂ’s security operations. Because the timely application of security updates is one of the most important and effective things you can do to protect your systems and network, your patch management system must be as efficient as possible.
To help customers develop and maintain efficient patch management strategies, Microsoft provides information about tools and strategies on our patch management page on the TechNet Security site (http://www.microsoft.com/technet/security/topics/patchmanagement.mspx). There, you will find a wealth of important information on the nuts-and-bolts aspects of building and maintaining a patch management system to support Microsoft products. This site is an excellent and valuable resource, but in helping customers with questions and concerns around security updates for some years I have found that although the resources provide excellent guidance from Microsoft on how we recommend you do patch management in your environment, they donÂ’t always make clear why we make particular recommendations. We have provided good resources concerning the practice of Microsoft patch management, but we havenÂ’t outlined as fully as we could the principles of Microsoft patch management.
To help address that shortcoming, in this article I will outline ten principles of Microsoft patch management. With a better understanding of these principles, you can better align your patch management strategy with Microsoft and thus improve the efficiency of your patch management system. You can also prevent unpleasant surprises that can result from pursuing a strategy or tactics that Microsoft doesnÂ’t recommend or support. Finally, with an understanding of the why behind how we recommend customers implement Microsoft patch management, often you will be able to answer questions that may arise in your day-to-day work managing security updates for Microsoft products.
Ten Principles of Microsoft Patch Management
Published: May 4, 2006
By Christopher Budd, Security Program Manager, Microsoft Corporation
Patch management is a critical part of maintaining the security of your systems and network. The patch management system that you build and maintain is, among other things, the channel through which you deploy security updates from Microsoft and other vendors. Although patch management is sometimes viewed as a systems management discipline rather than a security discipline, its role in addressing vulnerabilities through the deployment of updates makes it a vital component in an organizationÂ’s security operations. Because the timely application of security updates is one of the most important and effective things you can do to protect your systems and network, your patch management system must be as efficient as possible.
To help customers develop and maintain efficient patch management strategies, Microsoft provides information about tools and strategies on our patch management page on the TechNet Security site (http://www.microsoft.com/technet/security/topics/patchmanagement.mspx). There, you will find a wealth of important information on the nuts-and-bolts aspects of building and maintaining a patch management system to support Microsoft products. This site is an excellent and valuable resource, but in helping customers with questions and concerns around security updates for some years I have found that although the resources provide excellent guidance from Microsoft on how we recommend you do patch management in your environment, they donÂ’t always make clear why we make particular recommendations. We have provided good resources concerning the practice of Microsoft patch management, but we havenÂ’t outlined as fully as we could the principles of Microsoft patch management.
To help address that shortcoming, in this article I will outline ten principles of Microsoft patch management. With a better understanding of these principles, you can better align your patch management strategy with Microsoft and thus improve the efficiency of your patch management system. You can also prevent unpleasant surprises that can result from pursuing a strategy or tactics that Microsoft doesnÂ’t recommend or support. Finally, with an understanding of the why behind how we recommend customers implement Microsoft patch management, often you will be able to answer questions that may arise in your day-to-day work managing security updates for Microsoft products.
