Ideally a security patch released by a vendor such as Microsoft for the Windows
Question
Ideally a security patch released by a vendor such as Microsoft for the Windows OS is required to be patched immediately. What would be the recommended patching period that Microsoft or best practices would require by which the systems should be updated? Microsoft, as I understand, releases patches every second Tuesday of the month as a cycle. Accommodating the time to test those patches against applications within the user environment, should 30 days from the date of release for a medium-level risk be a reasonable upper limit set for carrying out the patching?
Any suggestions or recommendations are highly appreciated.
Explanation / Answer
Microsoft have been telling us for a while that most customers no longer bother to test patches.
The reason is that the cost of testing so many patches so regularly is prohibitive compared to the very low risk of patches causing problems. This is especially true now that patch release cycles are so short, since a faulty patch can often itself be patched in less time than it would take for you to test it.
So nearly everyone now just applies Microsoft patches as they arrive - we do that, simply spreading the load of the patches over a few days to even out performance over the network.
The same cannot be said for some other vendors' patches. Java is the obvious one that springs to mind!