Patching Paranoia - How Fast Do You Patch?

selfassembled asks: "I work for an IT group in the Boston area called Thrive Networks. After the most recent exploit was revealed, my company scrambled to get our client's servers patched within 48 hours. This is extremely difficult because no customer wants to be interrupted by a reboot during business hours. Our staff worked after hours to get this patch installed ASAP. How fast do you (or your IT group) install patches for major exploits like this? What do you consider to be an acceptable turn around time for a vulnerability patch that may not even have an exploit yet? After Blaster and Welchia we decided it's better to be safe than sorry, and our customers seem to agree."

MS

Constant re-booting seems to be an exclusive MS-phenomenon. Installing patches on Linux only requires a restart of the affected services unless a kernel upgrade is involed - and even this can be worked around in some cases.

You will reboot less when patching a Linux machine. Guaranteed.

Re:Paraniod?

[amembrane]

I'm the network admin/windows/active directory guy for a healthcare company. We run multiple SUS servers, several for desktops, and one for servers. Our procedure is, when a patch is released, that day I.T. downloads and installs it on our desktops and test servers. If it's successful, it gets approved on our desktop SUS servers. If those work OK, the next day it gets approved for our severs. So far we've had no problems with that process.