*>>If you have a documented test process I am unsure why it would take significantly longer.*
Um... More things to test? Unless the patches are for the same general area of code, more patches mean more affected applications. Now, if the testing were *automated*, then I could agree that there would be no difference between testing 2 patches and testing 17. *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) *Technology Services that Maximize Business Results... * On Fri, Apr 8, 2011 at 12:19 PM, Steven Peck <[email protected]> wrote: > If you have a documented test process I am unsure why it would take > significantly longer. We plan on doing what we do each month. Dump all on > dev environment, then the test environment, then production. The test > people have their test scripts and I don't expect any issues really. > > While larger numbers 'potentially' could affect more things or have more > interesting impacts, Microsoft has been pretty solid for the last several > years now. We've had a patch affect 4 of our services in the last few > years. One was LCS (everyone got affected) the other 2 turned out to be > borderline systems that it wasn't the patches fault and the last was a > telecom app (which, well, telecom app). > > That said, someone sends an email out every month about the patch release. > > Just not that big a deal. I wear a size 12 or 13 shoe depending on brand, > we'll see if I have report on the taste after next weekend. > > Steven Peck > http://www.blkmtn.org > > > > On Fri, Apr 8, 2011 at 5:52 AM, Andrew S. Baker <[email protected]> wrote: > >> I have to agree with Ed. 17 patches represent more potential issues with >> *some* app in your organization than 2 patches. >> >> Just the research to determine how you're going to handle the fixes >> (definitive rollout OR other mitigation) is going to take a lot longer. >> >> While I'm a major proponent of the >> you-really-want-to-install-the-latest-patches camp, we do have a process of >> validation, as we sometimes run quirky software that behaves improperly when >> changes are made. >> >> These have to be accounted for... >> >> >> >> *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) >> *Technology Services that Maximize Business Results... >> >> * >> >> >> >> On Fri, Apr 8, 2011 at 12:15 AM, Brian Desmond <[email protected]>wrote: >> >>> I can never figure this out. What's the difference to you whether they >>> ship 2 patches or 17? This seems like just your basic sensational headline >>> to me. It's the same deployment effort. I doubt you're fully qualifying each >>> patch individually and communally in a full test environment where you'd see >>> substantial increase in test overhead. >>> >>> Thanks, >>> Brian Desmond >>> [email protected] >>> >>> c - 312.731.3132 >>> >>> >>> -----Original Message----- >>> From: Ziots, Edward [mailto:[email protected]] >>> Sent: Thursday, April 07, 2011 3:35 PM >>> To: NT System Admin Issues >>> Subject: 17 Patches coming out from Microsoft this month. >>> >>> Cross post from Susan Bradley on the Patch Management List. Strap on your >>> seat-belts folks its going to be a bumpy ride this month. >>> >>> Advance Notification Service for the April 2011 Bulletin Release - MSRC >>> - Site Home - TechNet Blogs: >>> http://blogs.technet.com/b/msrc/archive/2011/04/07/advance-notification- >>> service-for-the-april-2011-bulletin-release.aspx<http://blogs.technet.com/b/msrc/archive/2011/04/07/advance-notification-service-for-the-april-2011-bulletin-release.aspx> >>> >>> My name is Pete Voss, and I'm a senior response communications manager >>> with Microsoft Trustworthy Computing. I'll be joining the rest of the team >>> on the MSRC blog <http://blogs.technet.com/b/msrc/> and @MSFTSecResponse >>> <http://twitter.com/#%21/msftsecresponse/> Twitter handle to help >>> provide you with the latest information and guidance for Microsoft security. >>> >>> Today, we're providing advanced notification < >>> http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx> on the >>> release of 17 security bulletins, nine rated Critical and eight rated >>> Important. This month's bulletin release will address 64 vulnerabilities >>> across Microsoft Windows, Microsoft Office, Internet Explorer, Visual >>> Studio, .NET Framework and GDI+. >>> >>> This month we'll be closing some issues that Microsoft has already >>> previously spoken to, including the SMB Browser (Critical) issue publicly >>> disclosed Feb. 15. Microsoft assessed the situation and reported < >>> http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitabili >>> ty-of-the-recent-windows-browser-protocol-issue.aspx<http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx> >>> > >>> that although the vulnerability could theoretically allow Remote Code >>> Execution, that was extremely unlikely. To this day, we have seen no >>> evidence of attacks. >>> >>> We are also planning a fix for the MHTML vulnerability in Windows, rated >>> Important. We alerted people to this issue with Security Advisory >>> 2501696 >>> <http://www.microsoft.com/technet/security/advisory/2501696.mspx> >>> (including a Fix-It that fully protected customers once downloaded) back >>> in late January. In March, we updated the advisory to let people know we >>> were aware of limited, targeted attacks. >>> >>> The bulletin release scheduled for the second Tuesday of the month, April >>> 12, at approximately 10 a.m. PDT. Come back to this blog then for our >>> official risk and impact analysis, as well as deployment guidance and a >>> brief video overview of the month's highlights. Meanwhile, customers are >>> encouraged to review Microsoft's advanced notification < >>> http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx> and >>> assess it for their particular environment. Additionally, we recommend that >>> administrators reference our Security Update Guide < >>> http://www.microsoft.com/security/msrc/whatwedo/securityguide.aspx> for >>> help preparing for the bulletin release. >>> >>> The monthly technical webcast is scheduled for Wednesday, April 13, >>> hosted by Jerry Bryant and Jonathan Ness. I invite you to tune in and learn >>> more about the security bulletins. The webcast is scheduled for Wednesday, >>> April 13, 2011 at 11 a.m. PDT, and the registration can be found here >>> <https://msevents.microsoft.com/cui/WebCastEventDetails.aspx?culture=en- >>> US&EventID=1032327018&CountryCode=US<https://msevents.microsoft.com/cui/WebCastEventDetails.aspx?culture=en-US&EventID=1032327018&CountryCode=US> >>> >. >>> >>> For all the latest information, you can also follow the MSRC team on >>> Twitter at @MSFTSecResponse <http://www.twitter.com/msftsecresponse>. >>> >>> >>> Edward E. Ziots >>> CISSP, Network +, Security + >>> Network Engineer >>> Lifespan Organization >>> Email:[email protected] >>> Cell:401-639-3505 >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
