From: Joe Richards [MVP] (
Date: 09/09/03

Date: Mon, 8 Sep 2003 19:59:26 -0400

You should be going through internal classifications yourself as there is no one better to judge your company's risks
than yourself. Most likely if you are like the company I work for currently, you will have several classifications for
each of the patches depending on the types of machines i.e. clients versus servers, internal servers versus DMZ or
extranet servers, etc. Also something that could be critical for one company may have no impact at all to another
company. MS's ratings are best guess across the majority of their customer base which includes home PC's as well as

The last "critical" patch for servers that I have seen that I thought was critical and required immediate action was the
RPC patch - MS03-26 in which I personally patched the 400 or so servers I was directly responsible for globally within
48 hours of the notification. There are thousands of other servers around the company that I am not responsible for that
were patched at varying times depending on the apps and the times the machines could be rebooted.

Joe Richards
"Chuck Richards" <> wrote in message news:4d4e01c3764e$a3644510$a601280a@phx.gbl...
> Sorry to gripe about this but with so many "Critical"
> patches from Microsoft it is impossible to properly assess
> the impact of each of the hotfixes.  Every time Microsoft
> declares a patch "critical" it means to me at least two
> more weeks of unproductive time for my team while they
> patch servers.
> In my assessment it looks like we could reclassify 80% of
> these 'critical' patches as 'significantly important' and
> leave the 'critical' rating for the 20% of patches that are
> drop-dead urgent, do it now!
> chuck richards
> OTIS Elevator

