Educause Security Discussion mailing list archives

Re: Windows O/S Patching Question


From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Fri, 23 Mar 2012 14:23:45 -0400

The correct answer is ...

It's TOOOO long if the compromise is out in the wild

It was estimated that the RDP compromise would take about a month to appear in the wild, they were off by about 2 weeks ... so, if you played the odds and waited, you are getting screwed right now :-)

I like to say ASAP is the right answer, every day that you wait, you are taking a chance that the bad guys will win - you don't want to break your servers, but aren't they broken if they get hacked?

My 2 cents
Joel

--On Friday, March 23, 2012 2:04 PM -0400 "Sarazen, Daniel" <dsarazen () UMASSP EDU> wrote:

Hi All,

Quick Question: If Windows were to release a critical patch for a server today, how long should it take to install the patch before you'd consider it TOO long?

Thanks,


:: Daniel Sarazen, CISSP, CISA
:: Senior Information Technology Auditor
:: University Internal Audit
:: University of Massachusetts President's Office

:: 774-455-7558
:: 781-724-3377 Cell
:: 774-455-7550 Fax
:: Dsarazen () umassp edu

University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA 01545 : www.massachusetts.edu






Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3

