Blog Post

Resources for Those Dealing with Security Patches

,

It's been a while since I was in the day-to-day business of security patches. However, I still keep up with vulnerabilities and fixes as I expect every Microsoft SQL Server DBA should. Here are some resources I recommend to do the job right:

 

  • Secunia Advisories - You'll need to create a profile so you can receive advisories by email, but it's worth it. Be advised, if you don't filter things down you will get a LOT of email as there are quite a few vulnerabilities reported every day.  

  • The PatchManagement.org mailing list - This is a dedicated list to patch management. If there's a problem with a security release, chances are you'll see it described on the list. You can also subscribe to the WSUS mailing list at the same link if that's what your organization uses.

  • The Microsoft Security Response Center blog - The MSRC blog posts discussions of vulnerabilities as well as the links and times of discussions for the Black Tuesday patch releases. If you deal with Microsoft patches, you simply must keep up with the MSRC blog.

  • Microsoft Technical Security Notifications - Like Secunia's advisories, these notify you of security issues, but with respect to Microsoft products. You'll get the advance notification of what patches are planned to be released on Black Tuesday as well as descriptions of the patches actually released on Black Tuesday. Another must if you're dealing with Microsoft patches.

  • The Full Disclosure mailing list - If there's a zero-day, chances are you'll hear about it on this list first. Be forewarned: sometimes there's a lot of emails. Also, sometimes the signal to noise ratio is really bad. However, I've found it worth being subscribed to in order to know about something in the early stages.

 

The key with patch management is to know as much as possible as soon as possible. You don't want to roll a bad patch to a system and you want to know if a patch may have issues with a particular setup. These help you keep up with all that. Also, you might check out the TechNet forums on the specific technologies you support. Sometimes you'll find the answer you need there, although often times if there's something related to a patch, you'll see a post from the PatchManagement.org mailing list which contains the appropriate links.

 

Rate

You rated this post out of 5. Change rating

Share

Share

Rate

You rated this post out of 5. Change rating

Related content

Technical Article

Weak Passwords Discovered in the 10,000 Disclosed Hotmail/Live.com/MSN leaked accounts

By now, hopefully everyone has heard of the security breach where accounts and passwords were found on a public site listed the account usernames and passwords of some 10,000 users. Initially it was just reported to be Hotmail/Live.com/MSN, but it turns

You rated this post out of 5. Change rating

2009-10-13

3,534 reads