PDA

View Full Version : Best Practice: Patches that are not critical or security related

paulc2480
09-28-2006, 07:28 PM
What is the best practice for installing patches that are not listed as
"Critical" or "Security" related? Does Microsoft have an official stand on
this?

Some would say push them all to be safe and fix any potential issues. On
the other side it has been said that by pushing patches for problems that
don't specifically affect you it creates a greater chance that something else
might be broken. Any references containing recommendations or best practices
on this subject? Thanks!
karl levinson, mvp
09-30-2006, 04:13 PM
"paulc2480" <paulc2480@discussions.microsoft.com> wrote in message
news:510FA8DC-83F4-4504-9015-DC9C62CD5C40@microsoft.com...
> What is the best practice for installing patches that are not listed as
> "Critical" or "Security" related? Does Microsoft have an official stand
> on
> this?
>
> Some would say push them all to be safe and fix any potential issues. On
> the other side it has been said that by pushing patches for problems that
> don't specifically affect you it creates a greater chance that something
> else
> might be broken. Any references containing recommendations or best
> practices
> on this subject? Thanks!

Well, since no one else answered... I really think this is entirely up to
you, and whether you are more troubled by the risks of not patching
[compromise, loss of functionality and instability] or the risks of patching
[performance issues, loss of functionality and instability]. In either
case, testing the patch reduces these risks, but it also takes time and
money.

Another popular stance is, instead of patching, install those other updates
after a few months, when other people have vetted them and any patch
modifications have been released.

I'm not sure you need to go to the trouble of downloading and installing
non-security related updates, unless you know or believe you are at risk of
the issue happening in your environment.

Most people recommend installing service packs within one to nine months
after their release, at which time you would get most of those other
non-Critical patches.

Security patches rated Important are probably something you'd want to
install. Microsoft gives installation time recommendations in each of their
security bulletins, but non-security updates are I think left up to you to
decide.

--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ:
http://securityadmin.info