Educause Security Discussion mailing list archives

Re: Windows O/S Patching Question


From: "Pratt, Benjamin E." <bepratt () STCLOUDSTATE EDU>
Date: Fri, 23 Mar 2012 18:35:12 +0000

Too many variables to give a time but ...

As many of us know, and any student who's done well in CCDC, patching is not the only way to secure a system. It's all 
about reducing risk. For MS12-020 you could have disabled RDP on your systems, or used a firewall to block RDP 
connections from all but your management systems.

As far as Critical goes, that depends on your environment. Just because Microsoft rates it as critical doesn't mean it 
is for us and just because they don't rate it as critical doesn't mean it isn't for us. Also, all critical patches 
aren't of the same level of risk.

All of that being said, I don't know that we have a defined standard but it's likely not as fast as it should be.

Ben

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sarazen, 
Daniel
Sent: Friday, March 23, 2012 1:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Windows O/S Patching Question

Sorry. I worded that poorly. I wouldn't expect that staff is sitting around waiting for critical patches to install. 
What I would expect is that there's some defined standard, i.e.: "Critical and Important Patches must be reviewed and 
installed within 1 week."

When I was in public accounting we used to ding them if it took more than 2 days, but I'm not certain that's a 
reasonable standard for higher education. 

Thanks,

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Charlie 
Derr
Sent: Friday, March 23, 2012 2:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Windows O/S Patching Question

On 03/23/2012 02:04 PM, Sarazen, Daniel wrote:
Hi All,

Quick Question: If Windows were to release a critical patch for a 
server today, how long should it take to install the patch before you'd consider it TOO long?

Thanks,

:: *Daniel Sarazen*, CISSP, CISA

:: Senior Information Technology Auditor
:: University Internal Audit
:: University of Massachusetts President's Office


2 1/2 hours?  Is this a trick question? I'm assuming worst case (old underpowered hardware with not enough RAM and a 
fully loaded link because everyone else is trying to download the patch and install it at the same time).  Sure, it
*ought* to take no more than 1/2 hour (at the very most) but this is Microsoft you're talking about after all.

     ~c


--
Charlie Derr
Director of Instructional Technology
Bard College at Simon's Rock

