big patch week

It’s been a busy week for vulnerabilities. Microsoft’s normal round with server and client patches. Winpcap had a disclosure and update. Sun’s Java. I just saw a Flash player disclosure on the FD mailing list. Even McAfee’s ePO and Cisco’s CallManager rang some up. It’s one of those days that reminds me of a few things.

1) Make sure that if you don’t have the abilities to update all your workstations quickly, get that base image updated with the newest packages and installs so you stop rolling out outdated systems. Befriend your image guy/girl and make sure they have time and are appreciated. Volunteer to be a tester for any pilot deploys.

2) Evaluate whether you need centralized Windows install/patch management like Altiris. Don’t overlook the need for another body to be the Altiris expert, or to carve out significant time for someone to learn and manage it. It’s not an install and forget app!

3) If you don’t do either of these, well, at least be aware of what your vulnerabilities are and make plans to mitigate or attack these issues in the future.

4) And most importantly, to all the stay-at-home “IT admins” whose experience includes 5 years of their 1 office SOHO room and 7 years of IT journalism: “Go patch your shit. Come back to me after you’re done, and start imagining doing that for 3,000 systems in 25 departments before cluttering my reader with the latest no-brainer ‘best practices’ that sound good on a dreamy sunny Saturday morning but have little basis in reality.” (Yeah, I have a pet peeve right there, hehe…)