PATCHING
Patching is a part of
the System administrator’s life. Patch is defined as, adding security features
or adding new features to existing operating system or upgrade operating
systems.
Here we want to explain the window’s patch release process
and to know best mythology to test the updates.
Patch management is the process of managing patches without disturbing
the work environment. It includes scanning and detecting missing patches to
download and deploying them.
Before this we need to know about patch release information.
The history of update
(aka patch) Tuesday:
“Patch Tuesday” or “Update Tuesday” as formalized in October
2003.Previous years Microsoft follows “ship-when-ready”(shipping whenever they
were ready to deploy).this allowed to fixes to go out almost immediately, it as
a burden to System administrators. This as challenge for users. Who sometimes
had to reboot their computers multiple times a month to apply the updates,
rather than just one reboot to apply a cumulative update.
Update Tuesday is the most important monthly service event. This quality update does not include new features, instead it serves to enhance system stability and security. Microsoft develop and test these updates quickly to minimize the impact of a vulnerability should one be made public. They should be installed as soon as possible once released.
Why Microsoft choose second Tuesday at 10:00 A.M
pacific time for two reasons:
1. For
IT admin’s Monday is a day to deal with any other issues need to work through
from the previous week.
2. To give the plenty of time to test the updates and deploy them to devices, then respond to any issues that may arise during the rest of the week.
Microsoft also spends the rest of the week watching
for feedback and issues identified by businesses and consumers so Microsoft team
begin preparing fixes immediately if necessary.
As an IT
professional We should have an established process and plan to install update Tuesday
releases each month.
Simplified process of patching process
1. Microsoft will release the patch on the event of Patch Tuesday.
2. System Admin need to test on test machines. Pre-pilot.
2.1. Awareness:
Before deploying the patch to the
production. We need to know the patch details like what it is trying to fix or upgrading.
Below links will help to know about release information.
SAN’s Newsletters https://www.sans.org/newsletters/
Microsoft security newsletter https://www.microsoft.com/en-us/msrc?rtc=1
Microsoft technical security news
letter https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1
Microsoft catalog update https://www.catalog.update.microsoft.com/Home.aspx
2.2. Test with
applications:
Test the patches before deploying with
combinations of the application’s like adobe reader and personal application (Developed
by your organization or which are using in your environment).
3. Deploy the patches to Privileged users (Pilot).
Before deploying patches to production.
We need to include the schedule maintenance windows and include a roll-back
plan.
4. Now we can deploy the patches to all users in environment.
Use a
patch management system to deploy patches to environment (Production).
Patches contains fixes for one or more vulnerabilities that
have been identified by numbers assigned via the common vulnerabilities and
exposures (CVE) system, maintained by the National Cybersecurity Federally
Funded Research and Development Center (FFRDC).
Patch Tuesday lets systems administrators prepare for
possible impacts patch applications might have and warn their users. When a
serious problem with a patch is reported, it can affect the computers where the
update will be installed. IT personnel can defer installing that patch, while still
installing the rest of them, so they don’t lose the protections from all those
other vulnerabilities.
Microsoft releases new feature updates twice a year. Instead
of the traditional cycle, when Microsoft released new features every few years.
Once you’ve installed the windows 10 April 2018 update, You’ll receive monthly
updates every second Tuesday of the month. We call this “update Tuesday” but
some people may call it “Patch Tuesday”. The quality of the data that we
release on update Tuesday don’t add or remove features, instead they deliver
important fixes that importantly, these updates provide fixes against security
vulnerabilities and other threats. To keep your computer up to date, just make
sure it’s connected to internet and will automatically download the update. You’ll
have to restart the device to finish the process, but you can change the change
your active hours in the settings app. About two weeks after update Tuesday,
will released an additional update that is. Preview of our non-security fixes.
Because this release is only a preview,
Patching scenario for home users:
Windows won’t try to install this automatically. To limit
the amount of times you need to restart your computer each month. If user want
to try the preview updates and send us feedback. User can install them by
clicking “Check for updates” in windows update. In the settings app. In either
case, these fixes will be installed as part of the update you get the following
update Tuesday. On some occasions, we may need to release an update on-demand. Unlike
the scheduled security and preview releases, Microsoft only release an
on-demand update to fix a security or quality issue that cannot wait until the
next scheduled release like our other updates, this type of update will require
that you reboot your device.
So, Microsoft only do this for critical issues.
Microsoft really try not to reboot. Your computer more than once a month, But our top priority is to keep your computer secure and reliable. One final piece of info about windows updates. They’re all cumulative, which means that each update includes all previously released fixes and improvements. So, installing the latest update is all you need to do to bring your device up to date.
Will share another update on windows 10 servicing channel.
Reference Links:
No comments:
Post a Comment