|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Best Practice: Patches that are not critical or security relatedWhat is the best practice for installing patches that are not listed as
"Critical" or "Security" related? Does Microsoft have an official stand on this? Some would say push them all to be safe and fix any potential issues. On the other side it has been said that by pushing patches for problems that don't specifically affect you it creates a greater chance that something else might be broken. Any references containing recommendations or best practices on this subject? Thanks!
Show quote
Hide quote
"paulc2480" <paulc2***@discussions.microsoft.com> wrote in message Well, since no one else answered... I really think this is entirely up to news:510FA8DC-83F4-4504-9015-DC9C62CD5C40@microsoft.com... > What is the best practice for installing patches that are not listed as > "Critical" or "Security" related? Does Microsoft have an official stand > on > this? > > Some would say push them all to be safe and fix any potential issues. On > the other side it has been said that by pushing patches for problems that > don't specifically affect you it creates a greater chance that something > else > might be broken. Any references containing recommendations or best > practices > on this subject? Thanks! you, and whether you are more troubled by the risks of not patching [compromise, loss of functionality and instability] or the risks of patching [performance issues, loss of functionality and instability]. In either case, testing the patch reduces these risks, but it also takes time and money. Another popular stance is, instead of patching, install those other updates after a few months, when other people have vetted them and any patch modifications have been released. I'm not sure you need to go to the trouble of downloading and installing non-security related updates, unless you know or believe you are at risk of the issue happening in your environment. Most people recommend installing service packs within one to nine months after their release, at which time you would get most of those other non-Critical patches. Security patches rated Important are probably something you'd want to install. Microsoft gives installation time recommendations in each of their security bulletins, but non-security updates are I think left up to you to decide. -- kind regards, Karl Levinson, CISSP, CCSA, MCSE [MS MVP] -------------------------------- Microsoft Security FAQ: http://securityadmin.info 
Other interesting topics
Password Protecting/Hiding Files & Folders on Windows 2003 server???
security update repeats "indefinitely" MS issued advisory, current exploit potential controlling what computers a user can log on to User Config / Windows Settings / Scripts Not Shown in GPOE 5 Ways to Speed Up Your Computer's Performance windows security log doesn't have any entry W2K ESENT Event ID 454, error -515 every 5 minutes File auditing not working properly How do I set password expiry notification date?? |
|||||||||||||||||||||||
