Re: Windows patch mgmt.

[Murad Talukdar <talukdar_m () subway com>]

Another thing to check would be the windows update server which is free like
the MBSA.
Now when you say 'test' do you mean to see if anything strange happens after
the patch?


Murad Talukdar


----- Original Message ----- 
From: "Depp, Dennis M." <deppdm () ornl gov>
To: "bob martin" <bobmartin_613 () hotmail com>;
<security-basics () securityfocus com>
Sent: Monday, June 21, 2004 10:40 PM
Subject: RE: Windows patch mgmt.


> Bob,
>
> Have you looked at MBSA from Microsoft.  This tool will allow you to
> scan your network and will report on any machines that are missing
> updates.
>
> Denny
>
>
> -----Original Message-----
> From: bob martin [mailto:bobmartin_613 () hotmail com]
> Sent: Tuesday, June 15, 2004 10:41 AM
> To: security-basics () securityfocus com
> Subject: Windows patch mgmt.
>
> Hello all.
> Basic patching question for you.
>
> We have a small environment (approx. 300 desktops and 50 servers) and
> the
> question has come up how do we test all desktops/servers after a windows
>
> patch has been installed.  Given that the networking/desktop team
> consists
> of 6 people, I'm a bit stumped on how we can do this efficiently.  We
> use
> St. Benard's Update Expert to push out the patches and to verify they've
>
> been installed.
>
> Currently we push to a QA environment and let it soak for a week or two
> while it's being used for it's normal functions.  The concern is if the
> server isn't being used for testing, then we may push a patch to a
> production server without it being "tested."
>
> Any suggestions would be very welcomed.  Any more, there's so many
> windows
> patches that it's almost a full time job for one person to manage them.
>
> Thanks.
> Bob
>
> _________________________________________________________________
> Is your PC infected? Get a FREE online computer virus scan from
> McAfee(r)
> Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>
> ------------------------------------------------------------------------
> ---
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off
> any course! All of our class sizes are guaranteed to be 10 students or
> less
> to facilitate one-on-one interaction with one of our expert instructors.
>
> Attend a course taught by an expert instructor with years of
> in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
>
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
> ----
>
>
>
> --------------------------------------------------------------------------
-
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or
less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
--
>



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------