All of Microsoft’s notification channels are getting urgent news out about a new security update that will be released on October 23rd. It will affect all currently supported, both mainstream and extended, forms of Windows (Windows 2000 and later).
Don’t let this sound run-of-the-mill. This sort of update is very rare from Microsoft. The normal update releases from Microsoft happen on “patch Tuesday”, on the evening of the second Tuesday of every month. This “out of band” release happens about once a year and is a reaction to an urgent security vulnerability where Microsoft believes it is important to get an update available to the public before their normal schedule.
C Infinity maintains a centralised security patching solution based on best practices. We use a single download mechanism to download updates to a management server. A virtualised test lab that represents a wide variety of servers and applications is used to test security updates. We also monitor the newswires to see if there are any issues with the updates that our tests might not have detected. After this first phase is complete, we go through a change control process to enter phase two of security update deployment. The updates are now approved for the C Infinity production environment. Again we monitor the health of the infrastructure before entering the third and final phase. Following another change control approval, the updates are made available to the managed hosting clients of C Infinity. Their servers are now updated with thoroughly tested security updates.
It is important to maintain the security patch level of your servers. Almost, if not, all of the famous “attacks” of recent years such as SQL Slammer, MS Blaster and Nimda could have been prevented if organisations had deployed their security updates. The mechanisms are available to provide a managed, tested and tightly controlled system for securing the network - not just at the edges with firewalls but also internally with well accepted security practices.
Our clients are welcome to contact us via the normal channels if they have any questions or concerns. Anyone interested in our services is also free to contact us.
Related posts:
