Patch Management

EdgraEdgra Junior MemberMember Posts: 18 ■□□□□□□□□□
I have a question for all those who patch is there a good website that I can use to see what kind of issues the patch Tuesday patches cause so I can research before applying to my environment?


  • iBrokeITiBrokeIT Member Posts: 1,317 ■■■■■■■■■□ and seem to be popular choices around here.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM | GCWN | GSE

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops
  • EdgraEdgra Junior Member Member Posts: 18 ■□□□□□□□□□
    iBrokeIT wrote: » and seem to be popular choices around here.

    I appreciate it I will look at it. Thanks so much
  • TechGromitTechGromit Ontario, NY Member Posts: 2,151 ■■■■■■■■■□
    This is something you really need to test in your companies environment, most organizations have some custom software that may be adversely affected by some patches. If your companies too small to have a software test team, I'd select one or two computers from each department to be your involuntary test subjects, and only push patches out to those computers. This way if the patches F'up any computers, you'll only have a few to fix instead of causing a company wide disaster. If there no complaints after a week or two, then it's probably OK to push the patches company wide. Sometimes you can get WSUS to remove applied patches by unchecking them, sometimes not.
    Still searching for the corner in a round room.
  • blargoeblargoe Self-Described Huguenot NC, USAMember Posts: 4,174 ■■■■■■■■■□
    iBrokeIT wrote: » and seem to be popular choices around here.

    This is my go to. I let the unfortunate souls who are required by their company's policy to immediately start deploying patches as soon as they are available discover the major breaking changes. You will get feedback within a day or so of release whether or not the patches in their current state are a definite no-go. Relying on Microsoft to provide relevant and timely information on breaking changes will bite you eventually. This month's .Net issues breaking IIS and SQL is a perfect example. Anyone paying attention to the chatter delayed their rollout of these updates.

    This does not replace your own well thought out test plan and dedicated test/pilot rollout.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
Sign In or Register to comment.