To Patch or Not to Patch

Tuesday, February 18, 2003

Phillip Windley writes a brief paragraph concerning the enterprise's decision to patch or not to patch Microsoft servers every time a new security patch comes in. This concern is highlighted by the Slammer worm attack. While I can understand this being a problem with the underlying OS or IIS, I am having a hard time understanding why anyone exposes their SQL server to the Internet. What the hell were you thinking?

Returning to the problem, patching the underlying OS and IIS without testing is a serious problem. Yet without patching you may be vulnerable to the latest worm attack. What to do, what to do? We roll out patches on a regular basis with regular virtual server backups -- this allows us to roll back servers if the patch is harmful. It's not a perfect defense...but there isn't any right now.

posted by Henry Jenkins | 2/18/2003 02:58:00 PM

