Tech by PC

We just had patch Tuesday last week, so typically today would be the day when all the Windows servers are patched and rebooted. Due to a visit by a dignitary early next week a decision was made by people outside of IT to postpone patching until the following weekend. Is this a legitimate reason to postpone patching? The one legitimate argument is that something could go wrong with the patching and we end up recovering systems into the week. The likelihood of that happening must be pretty small since it has never once happened to us before. I do plenty of patch testing before making the decision to roll out, so there is usually forewarning that something negative is in the air in plenty of time to delay patching for a fix. In addition, many of the machines are virtual which could easily be snapshot before a patch if it were that critical.

On the other hand, patching regularly has kept us from getting any serious virus or worm for over three years. I wouldn’t wish for it because I would have to help in cleanup, but sometimes I wonder what it would be like if such a decision backfired and we got hurt precisely because they tried to avoid it.

This entry was posted on Sunday, October 19th, 2008 at 2:25 pm and is filed under Security, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.