N10-007 Given a scenario, install and apply patches and updates

Windows Patch Management

There’s no such thing as a perfect operating system, and Windows is no exception. From the moment Microsoft releases a new version of Windows, malware attacks, code errors, new hardware, new features, and many other issues compel Microsoft to provide updates, known more generically as patches in the computing world, to the operating system. The process of keeping software updated in a safe and timely fashion is known as patch management. Microsoft has been a leader in the process of patch management for decades. Microsoft’s primary distribution tool for handling patch management is a Web site and a Control Panel applet called Windows Update.

Windows Update separates the available fixes into distinct types: updates and service packs. Updates are individual fixes that come out fairly often, on the order of once a week or so. Individual updates are usually fairly small, rarely more than a few megabytes. A service pack is a large bundle of updates plus anything else Microsoft might choose to add. Service packs are invariably large (hundreds of megabytes) and are often packaged with Windows.

Firmware Updates

Almost all optical drives come with an upgradeable flash ROM chip. If your drive doesn’t read a particular type of media, or if any other non-intermittent reading/writing problems develop, check the manufacturer’s Web site to see if it offers a firmware upgrade. Almost every optical drive seems to get one or two firmware updates during its production cycle.

Driver Updates

Let’s say you install an update for your video driver. You reboot, log on to Windows, and suddenly the screen freaks out. Ah, a bad video driver, right? To test, you reboot the computer and press F8 to get the boot options menu. You select VGA Mode (Windows XP) or Low Resolution Mode (Windows Vista/7) and reboot. Now the computer boots up just fine. You know what the problem is, but how do you fix it? Roll back the video driver? Reinstall an older driver? Try downloading another copy of the new driver and installing the video driver again? Any of these solutions may be the right one. Choose one and go for it.

Uh oh, your first guess was wrong: the video is still messed up. No worries, just try another one of your theories. In most cases you’ll just pick another theory and try again. But sometimes there’s a point where the problem is bigger than you. It might be a problem on a server that you’re not authorized to configure. It might be a problem with a user account, and techs in your company aren’t allowed to change user accounts. It might be a problem with an in-house program and you don’t have the skills to fix it. In these cases, you must escalate the problem.

Vulnerability Patches

Despite (or perhaps because of) vendors’ attempts to release patches at regular intervals, enterprises are still racing to seal holes in their infrastructures. Every extra minute a system remains unpatched is another opportunity for worms, backdoors, rooters and Trojans to infiltrate the network.

The clock starts the day the vulnerability is announced and, in many organizations, never stops. We all know the basics of how to roll out patches across the enterprise, so why is success so elusive?

In many enterprises, patching is a messy, time-consuming process through which security teams must lab test new code before welding it onto production machines. The most common mistake is repeating the arduous process with each deployment rather than building a process that makes deployments successively easier.

Think Six Sigma: Every time you roll out a patch, look for obstacles and make adjustments that simplify the patch process for the current and subsequent cycles.

Through continuous process improvement, you can better plan patch deployments; save time and money; reduce errors and disruptions; and improve overall security.