Chapter 23: Using Patch Management Tools

Several tools allow you to apply Microsoft Windows patches and determine patch deployment status. This chapter looks at available patch management tools, describes how they operate, and provides recommendations on when to utilize each of them.

Currently, several organizations manually distribute service packs and security updates. Although you can script update deployments, you often end up falling behind in security update distribution, leaving your computers vulnerable. In addition, when manually installing security updates, it is possible to overwrite an updated executable or dynamic-link library (DLL) file with an older version if the security updates are not applied in the correct order.

Using the QChain Tool

The QChain tool allows you to install multiple security updates without having to reboot between installations. The QChain tool evaluates the drivers, DLLs, and executable files updated by each security update and ensures that only the most recent versions of the files are maintained after reboot.

To use the QChain tool, you must create a batch file for the security update installation. The batch file looks something like the sample shown below.

    @echo off
    setlocal
    set PATHTOFIXES=c:\patches
    %PATHTOFIXES%\Q123456_w2k_sp2_x86.exe -z -m
    %PATHTOFIXES%\Q123321_w2k_sp2_x86.exe -z -m
    %PATHTOFIXES%\Q123789_w2k_sp2_x86.exe -z -m
    %PATHTOFIXES%\qchain.exe

The batch file installs each security update with the -z switch to prevent reboots after each security update installation and uses the -m switch to enable unattended installs. Once all updates are installed, the QChain tool is executed to ensure that only the most current versions of updated files are maintained.

QChain is not required if you are deploying security updates to Microsoft Windows XP or Microsoft Windows 2000 computers with Service Pack 3 or later because QChain functionality is built into these versions.
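A simplified model of the file-version problem described above, as an added example that is not from the book and is not QChain's actual implementation. The update names reuse the packages from the sample batch file; the file names, version numbers, and function names are constructed assumptions.

```python
# Simplified model (added example): why install order matters and what
# "keep only the most recent version of each file" means in practice.
# File names and version numbers below are constructed for illustration.

def parse_version(text):
    """Turn a Windows-style 'a.b.c.d' file version into a comparable tuple."""
    parts = tuple(int(p) for p in text.split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four-part version, got {text!r}")
    return parts

# Constructed sample data: files each update would place on disk.
# Note 10400 > 4800 numerically, although "10400" < "4800" as strings,
# which is why versions are compared as integer tuples.
UPDATES = {
    "Q123456": {"kernel32.dll": "5.0.2195.4272", "ntdll.dll": "5.0.2195.2779"},
    "Q123321": {"kernel32.dll": "5.0.2195.10400"},
    "Q123789": {"kernel32.dll": "5.0.2195.4800", "lsasrv.dll": "5.0.2195.5100"},
}

def naive_install(order, updates=UPDATES):
    """Each update overwrites whatever is there: the last writer wins."""
    disk = {}
    for name in order:
        disk.update(updates[name])
    return disk

def chained_install(order, updates=UPDATES):
    """Keep, per file, the highest version shipped by any queued update."""
    disk = {}
    for name in order:
        for path, version in updates[name].items():
            current = disk.get(path)
            if current is None or parse_version(version) > parse_version(current):
                disk[path] = version
    return disk

def regressions(order, updates=UPDATES):
    """Files left older than the newest version available: (installed, newest)."""
    best = chained_install(order, updates)
    got = naive_install(order, updates)
    return {p: (got[p], best[p]) for p in got if got[p] != best[p]}

if __name__ == "__main__":
    order = ["Q123456", "Q123321", "Q123789"]
    for path, (installed, newest) in regressions(order).items():
        print(f"{path}: installed {installed}, newest available {newest}")
```

Running `regressions` over a planned install order before deployment flags any file that would be left at an older version than one of the queued updates provides.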

To reduce the cost of deploying security updates and patches, many companies use tools to automatically deploy security updates. Microsoft's current roster of security patch management tools includes the following:

  • Windows Update

  • Automatic Updates

  • Microsoft Software Update Services (SUS)

  • Microsoft Baseline Security Analyzer (MBSA)

  • Microsoft Systems Management Server (SMS) Software Update Services Feature Pack

You must understand that the catalog used by these tools determines which security patches are installed on target computers and, more importantly, which security patches are required by the target computer.



Microsoft Windows Security Resource Kit
ISBN: 0735621748
EAN: 2147483647
Year: 2003
Pages: 189
