Part V
Managing Security Updates
Chapter 22
Patch Management
Patch management is required in a Microsoft network because software is not bug-free. Hotfixes and patches must be periodically applied to the Microsoft Windows NT 4.0, Microsoft Windows 2000, and Microsoft Windows XP operating systems to address security and functionality issues. Typically, hotfixes are developed to resolve one of the following issues:
As network designs become more complex, it is increasingly problematic to test every use of a Windows OS component during initial testing and development of the OS by Microsoft.
Although Windows XP is Microsoft's latest client OS, not all customers will deploy it immediately. Customers will continue to use their common base operating systems, and these versions must be patched to protect against newer vulnerabilities.
The quality bar rises as customers' network infrastructures change. More companies are connected to the Internet and are vulnerable to Internet attacks. This awareness raises the quality requirements for Internet-related components of Windows 2000.
Many issues cannot wait for a new version of the product to ship. Security issues, memory leaks, and other problems must be addressed immediately, especially if the vulnerabilities can lead to the compromise of a Windows 2000-based computer.
This chapter examines the following topics:
Not all patches are the same. This section looks at hotfix formats and how Microsoft rates security patches.
The development cycle of a hotfix illustrates what happens after a security vulnerability or bug is reported to Microsoft, before the hotfix is released to the public.
The last section of this chapter proposes a methodology for patch management that will allow you to successfully deploy patches.