• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Exchange patches

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exchange 2000 // 2003 // 2007 & Active Directory

View previous topic :: View next topic  
Author Message
ryansutton
Trusted SF Member
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

PostPosted: Fri Jul 22, 2011 6:26 am    Post subject: Exchange patches Reply with quote

How do you guys manage your Exchange updates? I manage roughly 10 Exchange servers and patching them is a headache, I don't trust auto-update so I usally end up doing manual patching.
Back to top
View user's profile Send private message
graycat
SF Mod
SF Mod


Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Offline

PostPosted: Fri Jul 22, 2011 10:52 am    Post subject: Reply with quote

We have a policy where all updates are downloaded to servers but manually installed. Patches aren't installed until the last Friday of the month and are reviewed for any reported issues prior to install.
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
ryansutton
Trusted SF Member
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

PostPosted: Mon Jul 25, 2011 7:23 am    Post subject: Reply with quote

Do you do that for MS patches too?
Back to top
View user's profile Send private message
graycat
SF Mod
SF Mod


Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Offline

PostPosted: Mon Jul 25, 2011 12:03 pm    Post subject: Reply with quote

ryansutton wrote:
Do you do that for MS patches too?
Most definitely especially with any security or SP releases.

Standard rules for us - delay patching for a few weeks, check the patches then do it in stages.

Seems to have worked well so far but fingers crossed .....
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
ryansutton
Trusted SF Member
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

PostPosted: Mon Jul 25, 2011 5:40 pm    Post subject: Reply with quote

graycat wrote:
ryansutton wrote:
Do you do that for MS patches too?
Most definitely especially with any security or SP releases.

Standard rules for us - delay patching for a few weeks, check the patches then do it in stages.

Seems to have worked well so far but fingers crossed .....


We deploy MS patches on patch Tuesday, but I have my doubts as to whether the benefits of being insta-patched out weigh the potential problems of a bad patch taking down a server.
Back to top
View user's profile Send private message
graycat
SF Mod
SF Mod


Joined: 29 Apr 2005
Posts: 16777195
Location: London, UK

Offline

PostPosted: Tue Jul 26, 2011 11:17 am    Post subject: Reply with quote

ryansutton wrote:
We deploy MS patches on patch Tuesday, but I have my doubts as to whether the benefits of being insta-patched out weigh the potential problems of a bad patch taking down a server.


To me this is too much of a risk. If something uber urgent is released to protect against a 0-day threat that applies to us then I'd get the alert from MS, do some testing myself whilst looking for feedback from other testers and only when it's proved steady roll it out. Even then I still reckon we'd be a good week behind even for an urgent patch.
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
georgec
SF Staff
SF Staff


Joined: 15 Nov 2010
Posts: 0


Offline

PostPosted: Tue Jul 26, 2011 5:36 pm    Post subject: Reply with quote

Graycat, I think that a week is very long to patch at least the most important systems with the latest critical updates! I consider as top priority to push an urgent security patch which is made public (known vulnerability) all over the globe and obviously it depends on how critical the system to be updated is and where it is located (such as a website for a financial institution)!!!!
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exchange 2000 // 2003 // 2007 & Active Directory All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register