Patching Paranoia - How Fast Do You Patch?

selfassembled asks: "I work for an IT group in the Boston area called Thrive Networks. After the most recent exploit was revealed, my company scrambled to get our client's servers patched within 48 hours. This is extremely difficult because no customer wants to be interrupted by a reboot during business hours. Our staff worked after hours to get this patch installed ASAP. How fast do you (or your IT group) install patches for major exploits like this? What do you consider to be an acceptable turn around time for a vulnerability patch that may not even have an exploit yet? After Blaster and Welchia we decided it's better to be safe than sorry, and our customers seem to agree."

Re:I don't apply these kinds of patches

[__past__]

Well, you apply other kinds of patches then, hopefully. Which also can break things and should be tested (even if both massively exploited holes and broken patches tend to be rarer).

I certainly didn't like patching OpenSSH on a machine I can only reach via SSH.