Announcement

Collapse
No announcement yet.

Applying updates to the servers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Applying updates to the servers

    Hello,

    I am reading about updates being implemented in companies and some say one should wait for certain time to install them , so as to read first on the internet about issues regarding those installations.

    I guess the idea behind is: Let others try first, they will run into issues, and then Microsoft will document, expose and fix those issues.

    Should I wait before installing any new updates to my servers?

    Thanks in advance
    -
    Madrid (Spain).

  • #2
    Back in the good old days of NT4.0, when Service pack 2 was released, you installed Service Pack 1. When SP3 came out, SP2 was installed etc etc. Now that Updates, sorry, Patch Tuesday is every month and often Updates are released between the Tuesdays waiting for the next SP is no longer possible. Server 2008 R2 only has one SP.

    I have my Server(s) set to download the Updates but do not install. I will install onto a test VM and if it gets screwed up then obviously the important machines wait. Depending on your company policy I would be inclined to wait a month and let someone else discover any screw up MS might have released. While not a Server issue, look at the problem RicklesP had with Office trying to phone home because of an issue with an Update. While annoying on a workstation it can be critical on a Server and you have enough to do without MS creating more work for you and if the Server goes offline it then become "pressure work".

    That is my opinion; others will have their own and nobody will be wrong.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Horses for courses, as biggles77 says.

      Ideally (I.e. according to Microsoft best practices) everyone would use WSUS and have a test group of servers, desktops and laptops to deploy updates to and run them on for a while before rolling them out to everyone. What you actually do depends on your setup, your resources (A small company with 1-2 IT guys is unlikely to have the time or the spare machines for full testing every month) and your needs as regards how critical your servers are.

      If you have good security policies (I.e. a good firewall, up to date AV, internet usage polcies etc, minimal attack surface on your servers) then that mitigates much of the risks that Microsoft patches will fix, so you can afford to wait a few weeks for any issues with the patches to be resolved before you roll them out.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      sigpic
      Cruachan's Blog

      Comment


      • #4
        Tricky. I don't have the luxury of a test network and have always installed Windows Updates on servers within two days of them being released, and on clients within 4 days. I have seen a webinar where a MS guy said it took about 10 days on average for known exploits to be 'exploited' after they have been made public. Installing patches closes vulnerabilities. If your security software fails, or is otherwise compromised and your systems are not patched it will be easier for the system itself to be compromised.
        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment


        • #5
          I remember once patching a Exchange server in a lab, when I was learning Exchange 2010, and it crashed due to an update/patch . Turns out it was a well known issue and I just did not look into it in advance.

          How I was supposed to look into every patch in advance?, Does someone do that?.
          -
          Madrid (Spain).

          Comment


          • #6
            Originally posted by cruachan View Post
            If you have good security policies (I.e. a good firewall, up to date AV, internet usage polcies etc, minimal attack surface on your servers) then that mitigates much of the risks that Microsoft patches will fix, so you can afford to wait a few weeks for any issues with the patches to be resolved before you roll them out.
            GOOD POINT!!
            -
            Madrid (Spain).

            Comment

            Working...
            X