| View previous topic :: View next topic |
| Author |
Message |
ryansutton
Trusted SF Member
Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California
|
 Posted: Fri Jul 22, 2011 6:26 am Post subject: Exchange patches |
 |
|
|
How do you guys manage your Exchange updates? I manage roughly 10 Exchange servers and patching them is a headache, I don't trust auto-update so I usally end up doing manual patching.
|
|
| Back to top |
|
 |
graycat
SF Mod
Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK
|
| Posted: Fri Jul 22, 2011 10:52 am Post subject: |
|
|
|
We have a policy where all updates are downloaded to servers but manually installed. Patches aren't installed until the last Friday of the month and are reviewed for any reported issues prior to install.
|
|
| Back to top |
|
|
ryansutton
Trusted SF Member
Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California
|
| Posted: Mon Jul 25, 2011 7:23 am Post subject: |
|
|
|
Do you do that for MS patches too?
|
|
| Back to top |
|
|
graycat
SF Mod
Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK
|
| Posted: Mon Jul 25, 2011 12:03 pm Post subject: |
|
|
| ryansutton wrote: |
| Do you do that for MS patches too? |
Most definitely especially with any security or SP releases.
Standard rules for us - delay patching for a few weeks, check the patches then do it in stages.
Seems to have worked well so far but fingers crossed .....
|
|
| Back to top |
|
|
ryansutton
Trusted SF Member
Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California
|
| Posted: Mon Jul 25, 2011 5:40 pm Post subject: |
|
|
| graycat wrote: |
| ryansutton wrote: |
| Do you do that for MS patches too? |
Most definitely especially with any security or SP releases.
Standard rules for us - delay patching for a few weeks, check the patches then do it in stages.
Seems to have worked well so far but fingers crossed ..... |
We deploy MS patches on patch Tuesday, but I have my doubts as to whether the benefits of being insta-patched out weigh the potential problems of a bad patch taking down a server.
|
|
| Back to top |
|
|
graycat
SF Mod
Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK
|
| Posted: Tue Jul 26, 2011 11:17 am Post subject: |
|
|
| ryansutton wrote: |
| We deploy MS patches on patch Tuesday, but I have my doubts as to whether the benefits of being insta-patched out weigh the potential problems of a bad patch taking down a server. |
To me this is too much of a risk. If something uber urgent is released to protect against a 0-day threat that applies to us then I'd get the alert from MS, do some testing myself whilst looking for feedback from other testers and only when it's proved steady roll it out. Even then I still reckon we'd be a good week behind even for an urgent patch.
|
|
| Back to top |
|
|
georgec
SF Staff
Joined: 15 Nov 2010
Posts: 0
|
| Posted: Tue Jul 26, 2011 5:36 pm Post subject: |
|
|
|
Graycat, I think that a week is very long to patch at least the most important systems with the latest critical updates! I consider as top priority to push an urgent security patch which is made public (known vulnerability) all over the globe and obviously it depends on how critical the system to be updated is and where it is located (such as a website for a financial institution)!!!!
|
|
| Back to top |
|
|
|
