Friday | 10 July, 2009
CSO
IT managers patch up with Microsoft
Darren Pauli (Computerworld) 13/07/2006 10:27:00

Despite the demanding workload Australian IT managers have settled into the routine of Microsoft's Patch Tuesday updates.

But some months are tougher than others.

Security provider Patchlink believes the release of 12 patches for the month of June, which were released this week, has left IT managers with a "patch management hangover".

The release occurs monthly on the second Tuesday allowing Microsoft to announce product vulnerabilities and issue patches.

Local Patchlink president Neal Gemassmer said the bottom line is that enterprises still face network vulnerability if IT managers fail to get the update fully tested and deployed across the enterprise in a timely manner.

But IT managers who spoke to Computerworld said the bundled releases are more manageable and allow for planning.

Bank of Queensland IT security manager Grant Slender said Patch Tuesday has been positively accepted in most IT departments.

"Simultaneously releasing patches on 'Patch Tuesday' assists IT managers rather than inhibiting them," Slender said. "IT managers are well aware when the updates will come and can prepare for it. Most large companies have structured change controls in place (that authorize, test, and approve change) to accommodate for the changes."

Slender says bundled updates works in line with schedules, because it avoids continual interruption.

"The alternative to bundled updates is a drip-feed supply which, on top of interfering with other work, would just be annoying," he said.

AM International MIS manager Nick Phipps agrees, saying: "[Patch Tuesday] works well with us. We prepare for the updates in advance using structured change controls and can accommodate them easily. There's no a reason for breaking up [bundled] delivery - it's not logical".

Microsoft spokesperson Jo Balfour said bundling updates makes it easier for IT managers to implement them, while critical updates can be released immediately.

"Consolidating these software updates is easier for systems administrators to deploy," Balfour said. "Critical updates may be released out of cycle where appropriate."

She said threat bulletins detail vulnerabilities and help users make decisions about how and when to deploy the patch.

The June-July period saw Microsoft releasing 19 updates through its Patch Tuesday events, 13 were rated "critical", five "important" and one "less severe".

More about Microsoft, Bank of Queensland, Logical, Patchlink, PatchLink

Comments

Post new comment

Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Add to Google
Additional Resources
Newsletter Subscription
Sign up for our CSO Online newsletters!
RSS Feeds
Syndicate content
 
Get a job Careerone
Whitepaper


Read Whitepaper

The business justification for data security

In the information security world we face two major types of threats: "noisy" threats which directly interfere with our ability to do business and "quiet" threats which cause real damage, but don't necessarily prevent people from doing their jobs. Read on to discover how to combat both types of threats and to justify the use of data security within your business.

Sponsored Links