Educause Security Discussion mailing list archives
Re: Windows O/S Patching Question
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Fri, 23 Mar 2012 14:23:45 -0400
The correct answer is ... It's TOOOO long if the compromised is out in the wildIt was estimated that the RDP compromise would take about a month to appear in the wild, they were off by about 2 weeks ... so, if you played the odds and waited, you are getting screwed right now :-)
I like to say ASAP is the right answer, every day that you wait, you are taking a chance that the bad guys will win - you don't want to break your servers, but aren't they broken if they get hacked?
My 2 cents Joel --On Friday, March 23, 2012 2:04 PM -0400 "Sarazen, Daniel" <dsarazen () UMASSP EDU> wrote:
Hi All, Quick Question: If Windows were to release a critical patch for a server today, how long should it take to install the patch before you'd consider it TOO long? Thanks, [cid:image001.gif@01CD08FD.E6C2DA10] :: Daniel Sarazen, CISSP, CISA :: Senior Information Technology Auditor :: University Internal Audit :: University of Massachusetts President's Office :: 774-455-7558 :: 781-724-3377 Cell :: 774-455-7550 Fax :: Dsarazen () umassp edu<mailto:Dsarazen () umassp edu> University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA 01545 : www.massachusetts.edu<http://www.massachusetts.edu/> Confidentiality Note: This email is intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient(s), any dissemination, use, distribution or copying is strictly prohibited.
Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
Current thread:
- Windows O/S Patching Question Sarazen, Daniel (Mar 23)
- Re: Windows O/S Patching Question Basgen, Brian (Mar 23)
- Re: Windows O/S Patching Question Charlie Derr (Mar 23)
- Re: Windows O/S Patching Question Sarazen, Daniel (Mar 23)
- Re: Windows O/S Patching Question Pratt, Benjamin E. (Mar 23)
- Re: Windows O/S Patching Question Sarazen, Daniel (Mar 23)
- Re: Windows O/S Patching Question Joel Rosenblatt (Mar 23)
- Re: Windows O/S Patching Question David Gillett (Mar 26)
- Re: Windows O/S Patching Question Joel Rosenblatt (Mar 27)
- Re: Windows O/S Patching Question Brian Helman (Mar 27)
- Re: Windows O/S Patching Question Valdis Kletnieks (Mar 27)
- Re: Windows O/S Patching Question Brian Helman (Mar 27)
- Re: Windows O/S Patching Question Sarazen, Daniel (Mar 27)
- Re: Windows O/S Patching Question David Gillett (Mar 26)
- <Possible follow-ups>
- Re: Windows O/S Patching Question Ted Pham (Mar 23)
- Re: Windows O/S Patching Question Sarazen, Daniel (Mar 23)