Patch Management

Edgra

I have a question for all those who patch is there a good website that I can use to see what kind of issues the patch Tuesday patches cause so I can research before applying to my environment?

iBrokeIT

https://www.reddit.com/r/sysadmin/ and https://www.ghacks.net/ seem to be popular choices around here.

Edgra

iBrokeIT wrote: »

https://www.reddit.com/r/sysadmin/ and https://www.ghacks.net/ seem to be popular choices around here.

I appreciate it I will look at it. Thanks so much

TechGromit

This is something you really need to test in your companies environment, most organizations have some custom software that may be adversely affected by some patches. If your companies too small to have a software test team, I'd select one or two computers from each department to be your involuntary test subjects, and only push patches out to those computers. This way if the patches F'up any computers, you'll only have a few to fix instead of causing a company wide disaster. If there no complaints after a week or two, then it's probably OK to push the patches company wide. Sometimes you can get WSUS to remove applied patches by unchecking them, sometimes not.

blargoe

iBrokeIT wrote: »

https://www.reddit.com/r/sysadmin/ and https://www.ghacks.net/ seem to be popular choices around here.

This is my go to. I let the unfortunate souls who are required by their company's policy to immediately start deploying patches as soon as they are available discover the major breaking changes. You will get feedback within a day or so of release whether or not the patches in their current state are a definite no-go. Relying on Microsoft to provide relevant and timely information on breaking changes will bite you eventually. This month's .Net issues breaking IIS and SQL is a perfect example. Anyone paying attention to the chatter delayed their rollout of these updates.

This does not replace your own well thought out test plan and dedicated test/pilot rollout.