Chapter Summary

Microsoft releases many different types of updates, including critical updates, security updates, service packs, and hotfixes.

A security bulletin announces a new security update and contains detailed information about protecting your computers against the vulnerability.

Chaining allows multiple updates to be applied with a single reboot.

The Automatic Update client connects to either the public Windows Update server or a private SUS server to download, and optionally install, updates.

Systems Management Server is capable of working closely with SUS to deliver updates to an enterprise.

Group Policy can be used to deliver updates, though it is not the preferred method.

A lab environment is required for the detailed testing of updates. The more testing you perform on an update, the fewer problems you will experience when you deploy that update to the production computers on your network.

Every organization should develop an updating process catered to its specific needs. However, every updating process should include steps for discovering, evaluating, retrieving, testing, installing, removing (if necessary), and auditing updates.

When evaluating security updates, factor in both the cost of deploying the update and the risk associated with not deploying the update. Consider alternative ways to mitigate the vulnerability.

Always be prepared for the worst when deploying an update. Be sure that all systems receiving the update have a recent backup available.