Why and When? Upgrades, Updates and Patches
Successful Updates and Patches
- Be aware of what is out there.
- Subscribe to mailing lists that keep track of vulnerabilities, even when patches aren’t released yet.
2. Remember those applications
- Applications are the new target for exploits, primarily when they rely on open or execute file types.
- Windows Update takes care of your operating system and Microsoft applications. Still, almost every computer on your network will have third-party applications, including PDF readers, media players, and other business operation applications.
- Stay on top of patches for all the apps that are integral to your business operation.
3. Test before you deploy
- All vendors test their patches/updates they release them. It is impossible for a vendor can check for every possible combination of hardware, application, and drivers, and they definitely cannot test the proprietary applications that you have internally developed.
- You must have a set of machines that you deploy patches first to check to make sure you are not introducing any problems to your systems.
- Take advantage of virtualization technologies when you can
4. Schedule all Your Maintenance Windows
- Remember that patching requires time, bandwidth, and reboots. Each of these can interrupt normal business processes.
- Most companies run their business 24×7. So you need to have some established maintenance windows for routine patching. Then you must create a means to push emergency patches if there is a zero-day exploit.
- Using a scheduled maintenance window, allows business operations to plan for at least be prepared for any potential disruptions when critical systems reboot after patching.
5. Use a patch management system
- Manual patching is time and labor-intensive, error-prone, and impossible to report accurately.
- There are several excellent low-cost patching systems available on the market. These systems push patches, audit systems, and generate necessary reports used by management for regulatory compliance assessments.
6. Be sure to have a roll-back plan
- No amount of preparation or testing can prevent the occasional issue that requires you to roll-back a patch.
- Push patches only when everyone is aware so that if problems crop up after deployment, you plan to check those patches and to uninstall them if necessary.