We patch Dev on Wednesday night. Test on Thursday night and Production on Saturday night.
We have a series of check out scripts for each of the environments which must be signed off on or brings the whole thing to a halt. While we do have some contractual obligations on our timing of security patching, we have historical experience that waiting to long has cost us a lot in the past. So in general we don’t wait but we do pay attention. We’ve already pulled the Exchange patch and this one. Random interesting presentation related to patch Tuesday. http://channel9.msdn.com/Events/Blue-Hat-Security-Briefings/BlueHat-Security-Briefings-Fall-2010-Sessions/V10-2 From: Heaton, Joseph@Wildlife Sent: Thursday, December 11, 2014 9:33 AM To: [email protected] We never push patches on Patch Tuesday. I wait a few days, at least, watching this list, as well as a couple of others. If I don’t hear any grumbling, then I push patches to my test group. They have 2-3 weeks to play with the patches, to see if there are any issues. If not, we push to the department. Our cycle means desktops get patches about a month after they’re released. I don’t particularly like waiting that long, but that decision was taken out of my hands. Obviously, out-of-band, critical patches are evaluated and deployed much faster. From: [email protected] [mailto:[email protected]] On Behalf Of J- P Sent: Wednesday, December 10, 2014 12:59 PM To: NT Subject: RE: [NTSysADM] Dead body Wednesday report: +1 Its gotten to the point that i'm contemplating converting patch Tuesday into a month-end process I honestly don't know what is worse, installing a faulty update vs remaining exposed Subject: RE: [NTSysADM] Dead body Wednesday report: Date: Wed, 10 Dec 2014 15:45:13 -0500 From: [email protected] To: [email protected] Sure would be nice if Microsoft went back to testing their updates before unleashing them on us. And if they still are how could these get past software QA? Steve Cain Sr. System Administrator -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley Sent: Wednesday, December 10, 2014 3:34 PM To: [email protected] Subject: [NTSysADM] Dead body Wednesday report: MS14-080 reports of IE 9 crashing after install of update - see http://marc.info/?l=patchmanagement&m=141823405324402&w=2 Root cert update KB3004394 causing issues for Windows 7 and Server 2008R2 see http://www.infoworld.com/article/2858014/operating-systems/botched-kb-3004394-triggers-uacs-diagnostic-tool-error-0x8000706f7-amd-catalyst-driver-fail-defende.html MS14-075 Exchange 2010 sp3 update rollup 8 pulled see http://blogs.technet.com/b/exchange/archive/2014/12/09/exchange-releases-december-2014.aspx -- Susan Bradley http://blogs.msmvps.com/bradley http://www.runasradio.com/default.aspx?showNum=390
