Written By: admin
Microsoft has released MS08-068, a security update. As an administrator running a Microsoft shop, what do you need to know and what do you need to do? First off you can read the official update on the Microsoft security website here – http://www.microsoft.com/technet/security/bulletin/ms08-nov.mspx
How do I deploy MS08-068 to my organization?
If this is an issue for your organization, you need to step back and fix a major problem outside of this patch. Applying patches, security updates and hotfixes should be a general reactive task that your IT department can do without any major concerns. Are you using Microsoft Systems Center Configuration Manager (SCCM) 2007, Microsoft Systems Management Server (SMS), or Microsoft Windows Software Update Services (WSUS)? If not, how are you applying patches and hotfixes to your organization? Logon scripts alone? Or even worse, manual updates?
This update has some critical fixes in it, and that is a problem. The script kiddies are hard at work writing copycat spam emails, bogus downloads, and free office worker web based games so your employees without knowing it are going to be downloaded Trojans and viruses to target these exploits. It is a race to get to the door first. You to close it, them to sneak in through it. Don’t put your organization, or your career at risk. Make patching a business priority and one that just happens all the time without major concerns. The more severe the alert, the faster it happens.
What is your patch management SLA?
Do you have Service Level Agreements for the application owners of Microsoft Windows XP, Vista, Server 2003 and Server 2008? How soon after a Critical, Important or Advisory update comes out do you have to apply these hotfixes? Are you the application owner? That was is the timeline you have given your own team to roll out these patches and hotfixes?
Is your IT organization vulnerable to MS08-068?
Are there users who VPN in, work from home, or travel with laptops? Are they getting updated quickly? These users have access to the Internet without the benefit of your corporate firewalls. Patch them right away. Now what about the user on the road, how long can they go unpatched before they no longer are given access back onto the corporate network? Do you have a defense perimeter to quarantine out of date laptops from getting to corporate resources?
If you were looking for specific details on MS08-068, as the CIO, IT Director or manager, let me give you all the details you need to know and what you need to ask your team today:
- How many notices did Microsoft release?
- For each of them, are we impacted?
- For each that we are impacted, what is the level of the alert?
- What is the SLA for us to get the update out at that level?
- When will be get the update out?
- Does that meet or exceed the SLA?
- When will we notify our customers that we are going to be pushing this update?
- Do we need to do a change control request (CCR)?
- Do we need to do an expedited change control request (ECCR)?
- And finally, when the deadline is due, ask “Are we good?
These updates happen all of the time. It is how Microsoft and every other software developer keeps their software up to date, fixes things and adds new features and benefits. If your organization is in crisis today, fix the root problem and make your organization more efficient at handling patch updates.