6 Replies Latest reply on Jun 8, 2012 8:46 AM by aalvarez

    Patch Tuesday and those updates that never get installed

    aalvarez

      Microsoft implemented (unofficially) a while ago the “Patch Tuesday” strategy: The second Tuesday of each month (this is not written in stone either) they release security patches. But, have you ever thought about why is this released on a Tuesday? Here’s a short explanation:

      • Tuesday: Updates are released (around 17:00 – 18:00)
      • Wednesday: Apply updates in test environment.
      • Thursday: Run use cases in test environment with new updates installed.
      • Friday: Install updates in production.
      • Saturday: Reboot your production servers.  

       

      Unfortunately there are tons of companies that do not follow the same workflow; they find all that testing as “too expensive”.

      But if we cannot afford replicate our entire infrastructure we must always remember these guidelines:

      1. Have a test environment ready with at least the critical components in your organization;
      2. Understand the key use cases to run while testing;
      3. Maintain your systems updated (don’t wait 6 months to release an update);
      4. Document your tests and production updates;
      5. Always have updated and tested backups (testing your updates is no silver bullet, things can go wrong).

       

      And you? How do you manage updates in your organization?