by Damon
(Cambridge, UK)
In my place of work, we use the Windows Server Update Services (WSUS) to control when Microsoft Patches and Service Packs are issued to all networked computers.
What happens is the patches are downloaded to the local WSUS Server directly from the Microsoft site. This usually happens every Tuesday evening.
A team of Staff from different parts of the IT Department review the new patches and identify whether there are any that are going to cause issues to the computers connected to our network.
The identified patches are quarantined and tested by the appropriate personnel to see if they cause any issues.
The other patches are put into a test group including other IT technicians and Customer representatives for 1 week.
If any issues are discovered they are reported to the Service Desk who process the issues to the right team for further investigation.
If no issues are reported, the team reconvene and collectively decide whether to release them to the entire estate or not.
This approach follows the ITIL Release process and ensures there is an element of control to how we patch our computers.
Thank you, Damon, for taking the time to write your web page.
WSUS is the standard way Businesses manage their patching policy.
Patch releasing can also be managed by other Microsoft technologies such as System Center Configuration Manager (SCCM) for example.
The technology supports the Information Technology Infrastructure Library (ITIL) Framework V3 Release Process.
This is a framework all IT Departments should aim to follow.
The process you have described is comprehensive. However, waiting for 1 week to issue patches, especially patch Tuesday releases, is a little risky.
Home computer users can take some hints and tips from your contribution, Damon. For example, take the time to look at what each of the patches actually does.
Most are to do with protecting your computer from 'remote execution' i.e. a cyber criminal getting on to your computer.
If a problem does occur as a result of applying security updates, you will have an idea of how many updates were last applied, and the types of updates applied, which may provide a clue as to which ones are causing your problem.
You can then use the instructions on the Microsoft XP Updates page to remove the offending update.
Having said that, I would prefer if your computer game is updated or your business program is upgraded to overcome the problem, rather than removing the security patch.
At the end of the day, the security patch is plugging a hole in your system, and should not be removed in case it is exploited by some nasty program floating around cyberspace.