v As the disclaimer that you agreed to before using any software from Microsoft (including patches) helpfully points out, their software may or may not be fit for purpose, regardless of whether you use it to run your organisation's critical financial database, drive control systems to move control rods around in a nuclear reactor, or simply e-mail friends, relatives and people you stumbled across on Friends Reunited. So the fact is that software vulnerabilities will be found, patches to fix them will be issued, and in order to maintain the security and integrity of your system, you will need to promptly apply them.However, an organisation's patch management strategy will not be cheap, and requires test systems, procedures, change management and back-out plans. It will require resources, including personnel and investment in training. It may even require dedicated servers to provide software updates to other servers and workstations. In short, it requires investment, and with it recognition from budget holders within companies that patch management is important and essential enough to be taken seriously, and be a distinct and recognized element of the system administrator's job role. Given the financial damage incurred from cleaning up after a virus outbreak with an organization, proactive patch management should be considered a sound business investment with real, tangible benefits.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.