Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Painless (Well, Almost) Patch Management Procedures

Perils of Patching

The lead bogeymen in the patch-management nightmare are patch volumes and frequency, resource availability and operational impact.

On Microsoft platforms alone, there were 51 advisories released in 2003, and the frequency got as high as several critical flaws per week. On a more macro level, our Security Threat Watch newsletter reported more than 1,040 vulnerabilities in 2003.

In a bid to curb growing enterprise discontent, Microsoft moved this year to a seemingly more consistent patch-release cycle--its "second Tuesday of the month" strategy (see "The Microsoft Patch Trick," for our take). However, many organizations are less concerned about the timing than they are about the numbers and impact.

"Because of the volume and impact, the release cycle is becoming less relevant," says George Collins, head of security for a large Midwest manufacturing and automation company. "There are more applications that become finicky and fickle around the patches, and while we still need the patches, patching is a nightmare no matter how you deal with it."

  • 1