Thursday, March 09, 2006

Microsoft Security Bulletin Advance Notification

It's that time again...

On Tuesday, March 14th, Microsoft will be releasing one "Important" security update for Windows, one "Critical" security update for Office, an updated Malicious Software Removal Tool, and one non-security High-Priority update.

As usual, any Critical updates are highly encouraged to be installed as soon as possible, within reason. What do I mean by "within reason?" That depends on who you are.

For home users, I would suggest waiting a few days to see if there are any reports of major issues. Of course, if you consider yourself a "power user," you can probably take care of yourself, and don't need my advice on patching.

If you are a small to medium sized business (or the IT staff of one), try to find a few non-mission critical machines to get the updates installed on as quickly as possible, and monitor the results. Then, wait a day or two to see if there is any "buzz" about potential issues. If there is not, patch away, keeping an eye out for potential issues that you may be the first to experience.

If you are a large business, you probably already have detailed patching procedures in place, so you don't need me to tell you what to do.

Personally, with the decreasing window between a vulnerability being announced and an exploit being released, I start to feel very nervous if I don't have most of my critical machines patched within a week of Microsoft's release date.

Check out Microsoft's Advance Notification here.

-JB

P.S. - For small and medium businesses that are not using a patch management product, a great one for the money (since it's FREE) is Microsoft's Windows Server Update Services (WSUS). I will go into more detail on this one, as well as other patch management options, in a future post.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home