Patch and Configuration Change Control

Unless you were away from your email last week, you're probably aware that we posted a new Instant Poll question on the Windows & .NET Magazine Security Web page that asks which of the following issues you think will have the greatest effect on security in 2004: viruses and worms, junk email, patch management, or managed security services. The poll is still open for votes, but at the time of this writing, it looks like the majority of you think that patch management will be the biggest issue in the security realm this year (with viruses and worms running a close second). Patch management has been in the forefront of security concerns for quite some time and probably will remain so for quite a long time in the future. Managing security isn't always a process of simply loading patches. As you know, Microsoft's and other vendors' security bulletins sometimes include not only patches but also configuration settings that might help better protect your systems. So patch management goes hand in hand with systems change control.

To help you with these processes, three recent feature articles related to keeping your systems up-to-date with the latest patches and configuration settings are available on the Windows & .NET Magazine Web site. Jeremy Moskowitz has written two informative articles that cover Change and Configuration Management (CCM) and that have associated Buyer's Guides that help you find third-party CCM solutions. Paula Sharick has written a great article covering two topics: Microsoft's new security update procedure and the improved Office Update Inventory Tool You'll find links to these articles in the "Security News and Features" section below.

You're aware by now that Microsoft's new policy regarding security bulletins is to release them only once a month, usually on the second Tuesday of the month. You might be wondering whether Microsoft will be releasing any new security bulletins this month. The answer is definitely yes.

On January 13, the company is slated to release its first security bulletins of 2004. Although Microsoft hasn't said precisely what the bulletins pertain to, the company has already scheduled a Webcast to discuss them. On January 14 at 10:00 A.M. Pacific time, the company will give a 1-hour presentation about the technical details involved in the bulletins and outline steps users can take to protect their systems and networks. Mark Miller, Security Incident Response manager for Microsoft Product Support Services (PSS), and Jeff Jones, senior director of Trustworthy Computing, will make the presentation. If you're interested in viewing the Webcast, be sure to visit Microsoft's Web site to register for the event.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.