RE: Patch Management on Critical Servers (Healthcare)

Hi there.

SUS and WSUS are good patch management - and it's free.
But the reporting would be a bit not-so-friendly.
With SUS/WSUS, the patches can be updated and restart later - whenever it is

But to perfect this patching process, it would be great if you could afford
an application which could make a live snapshot of the system - fast and
reliable for a full-proof "rollback".

Such as acronis,falconstar, etc ...

This is because those 'rollback' functionality come with the patch
management doesn't really work for some patches.
Once in, system or some in-house application's down.
There is no way any administrator can roll back that - other than to restore
the system to the point before specific patch.

Good luck.
And if you come across a better idea than that,
Do let me know.


-----Original Message-----
From: beinm@xxxxxxxxx [mailto:beinm@xxxxxxxxx]
Sent: Monday, May 08, 2006 9:03 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Patch Management on Critical Servers (Healthcare)


I'm just curious to hear how people in the field have been handling patch
management with critical servers. Have you setup maintenance windows? If, so
how did you manage the down time? What have people been doing if the device
or server has an approved FDA configuration? Are you using thing like WSUS?


Security Engineer

This email has been scanned by the MessageLabs Email Security System.
For more information please visit

This message and any attachment(s) are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, please telephone or e-mail the sender and delete this message and any attachment from your system. If you are not the intended recipient you must not copy this message or attachment or disclose the content to any other person.

Any opinion, view and/or other information in this message and/or any attachment(s) hereto which do not relate to the official business of Star Publications (Malaysia) Bhd shall not be deemed given nor endorsed by Star Publications (Malaysia) Bhd. Our company is not responsible for any activity that might be considered to be an illegal and/or improper use of email.

E-mail transmissions cannot be guaranteed to be secured or error-free as information could be intercepted, corrupted, lost, destroyed, delayed, incomplete or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message or for any virus damage which may arise as a result of this e-mail transmission.

Relevant Pages

  • Re: Finding Indivudual Patches using the WSUS files
    ... In addition to its automatic updates, we used our old SUS server to manually get patches and service packs as we needed them for standalone install. ... This also saved tech support staff from having to build their own redundant 'collections' - we also knew we were always getting the latest version every time and not a stale patch from an older patch collection. ... Unfortunately, WSUS no longer stores the patches in a friendly file name format, but all the patches are saved right there in the WSUS directory. ...
  • RE: When is a Security patch not a patch?
    ... I would be curious to see some other organizations Patch Management ... When is a Security patch not a patch? ... Starting 2 months ago I indicated to the admins (this was approved my ...
  • Re: Patch Management on Critical Servers (Healthcare)
    ... They run the listserve that discusses patch management platforms and patching issues. ... Knock on wood, it has run beautifully, and keeps our desktops and servers patched. ... We aren't regulated as much as the healthcare field, but do still have standards to meet for state and federal funding. ...
  • Re: Patch Management on Critical Servers (Healthcare)
    ... Some key items to remember is that testing of the patch must be done in a separate environment from production. ... Patch Management on Critical Servers (Healthcare) ...
  • SUMMARY: solaris patch management
    ... I'm a little concerned that Sun is being pressured by "marketing" into ... new patch management schemes. ... implement patch management schemes that suit our sites rather than be forced ... Straight off I see that PatchPro Interactive and PatchPro Expert are useless ...