Patching/Updating the Operating System and Software
Software vendors issue patches on a regular basis in response to security flaws as well as to repair software malfunctions in the operating system and application programs. Some updates enhance functionality and performance, and others correct deficiencies and security holes. If you allow the software on your systems to become out of date, those systems become more vulnerable to attacks. Keeping up to date on patches is an (additional) security responsibility. However, patching requires a prudent approach.
Microsoft operating systems beginning with XP and 2000 have automatic patching available. If you have a home system, or handle your own desktop, it is recommended that you set automatic patching to check for and download patches on a daily basis.
Windows automatic patching
Software applications (Microsoft Office, Adobe Acrobat, etc.) also need to be updated with patches.
http://secunia.com/advisories/
If you are a system administrator, create a plan for upgrades and set aside funding that will enable you to stay ahead of the threat. If you are using different types of operating systems in your department, you may need to develop different types of patching strategies. Many compromised systems are the result of not keeping patches current.
* Evaluate the need for a patch. If the patch is for an application or service that is not running on the system, then there is no need to install it. However, operating systems install many features by default, so it is prudent to be aware of exactly what is running on each system.
* Install a patch on a test system prior to installing it on a production system. Patches have been known to crash systems or have unwanted side effects on the application software.
* Even though a patch has worked well on the test system, back up production systems prior to the installation of a patch. If the worst happens, the system will be recoverable.
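The three checks above can be expressed as a rollout gate that decides, for each patch and host, whether to skip, hold or install. This is an added example, not part of the original page; the host names, patch ids, component names and the 24-hour backup freshness limit are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumption of this example: a backup older than this is too stale to rely on.
MAX_BACKUP_AGE = timedelta(hours=24)

@dataclass
class Host:
    name: str
    role: str                       # "test" or "production"
    running: set                    # applications/services actually running
    last_backup: Optional[datetime] = None

@dataclass
class Patch:
    patch_id: str
    component: str                  # application or service the patch fixes
    passed_on_test: bool = False

def decide(patch, host, now):
    """Return (action, reason) for one patch on one host."""
    # Evaluate the need: nothing to patch if the component is not running.
    if patch.component not in host.running:
        return "skip", f"{patch.component} is not running on {host.name}"
    # Test systems take the patch first; production waits for the result.
    if host.role == "test":
        return "install", "test system: validate the patch here first"
    if not patch.passed_on_test:
        return "hold", "not yet validated on a test system"
    # Production needs a fresh backup before installation.
    if host.last_backup is None or now - host.last_backup > MAX_BACKUP_AGE:
        return "hold", "no recent backup: back up before installing"
    return "install", "needed, tested and backed up"

def plan(patches, hosts, now):
    """Map (patch_id, host name) -> action for the whole rollout."""
    return {(p.patch_id, h.name): decide(p, h, now)[0] for p in patches for h in hosts}

# Constructed sample inventory and patch list (not real hosts or advisories).
NOW = datetime(2024, 1, 10, 9, 0)
HOSTS = [
    Host("lab-01", "test", {"web-server", "pdf-reader"}),
    Host("prod-01", "production", {"web-server"}, NOW - timedelta(hours=3)),
    Host("prod-02", "production", {"web-server", "pdf-reader"}, NOW - timedelta(days=5)),
]
PATCHES = [Patch("EXAMPLE-001", "web-server", passed_on_test=True),
           Patch("EXAMPLE-002", "pdf-reader", passed_on_test=False)]
for (patch_id, host_name), action in plan(PATCHES, HOSTS, NOW).items():
    print(f"{patch_id} on {host_name}: {action}")
```

The "running" set has to come from an inventory of what is actually active on each system, since operating systems enable many features by default.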