October 09, 2003

Microsoft Security Patch Management

Everyone likes to knock MS for security patches. Solas had a good rant on it today. I think we need to remember that there are improved ways to deal with security in Windows environments; it's just that not many people know about them.

Microsoft released a data sheet today about their Systems Management Server 2003 product and how it deals with Security Patch Management. You can improve your security posture of your Windows environment through increased vulnerability awareness and reliable targeted delivery of updates. (Their words, not mine)

If you want to try to understand what SMS is about, you might wanna read this. You might find it useful when exploring what tools to use to manage security for your Windows platforms.

Posted by SilverStr at October 9, 2003 04:32 PM
Comments

Isn't SMS the thing that was broken by recent updates, right around the time of the blaster worm? I could be wrong but I seem to remember something about that.

Posted by: Arcterex at October 10, 2003 01:24 PM

There have been some issues with SMS, but I think the issue you are referring to was the breakdown of HFNetChk from Shavlik during the worm outbreak. Many people prefer it to SMS, and like working with Shavlik since they wrote the scanning engine underneath the Microsoft Baseline Security Analyzer (MBSA).

I don't honestly know if SMS died during the worm outbreak. My point was that there are tools out there for Windows environments that can mitigate the risks and exposure during critical patch times. Having to only download a patch once to the network is much more effective than saturating the bandwidth when 100s of machines need the same patch within hours. (outside of proxy cache that can save time)

Posted by: SilverStr at October 11, 2003 01:39 PM