Ten Principles of Microsoft Patch Management
Microsoft just recently released a Technet article entitled “Ten Principles of Microsoft Patch Management” that talks about, you guessed it, patch management on an enterprise network. Since the vast majority of the networks deployed throughout corporate America are Microsoft based, and because security is an important part of maintaining these networks, this article could not have come at a better time.
Patch management is a critical part of maintaining the security of your systems and network. The patch management system that you build and maintain is, among other things, the channel through which you deploy security updates from Microsoft and other vendors. Although patch management is sometimes viewed as a systems management discipline rather than a security discipline, its role in addressing vulnerabilities through the deployment of updates makes it a vital component in an organization’s security operations. Because the timely application of security updates is one of the most important and effective things you can do to protect your systems and network, your patch management system must be as efficient as possible.
With all the security vulnerabilities being found in software these days it is important to have an effective patch management policy. Critical systems need to be protected from the exploits that are found daily. A major component of network security is patch management and Microsoft spells out some quality advice on patching.
In the many networks that I have had experience working on I find that most policies do not adequately address patch management. In fact, it is management themselves that generally lead to the problems associated with patch management; in many instances they are uninterested in sacrificing network maintenance time in order to deploy patches because they do not see a direct benefit.
A little education, however, can go a long way. This advice from Microsoft is one step in helping the patch management cause.