Security Controls

Guide to Surviving Patch Tuesday

Patch Tuesday affects us all. This section is intended to give a work flow for surviving the Patch Day experience.

The first tip to a successful Patch Day is to stay on top of what is being released. Ivanti provides out of the box support for a wide variety of vendors, and keeping up with what each product in your environment is doing can be a daunting task. Below are several sources that can be helpful in keeping up with what patches are being released and what that means for you.

XML Announcements

The single best source for information are the XML announcements. This mailing list notifies you when new XML is available. This covers all vendors Ivanti supports and is the easiest way to keep up to date on what new patches and products are being supported by Ivanti. You can subscribe to these automatic announcements using any of the following methods:

Email: http://www.shavlik.com/support/xmlsubscribe/

RSS: http://protect7.shavlik.com/feed/

Twitter: @shavlikXML

Previous XML announcements can be viewed by scrolling through the news feed located in the top-right corner of the Ivanti Security Controls home page.

Ivanti Blog

Another excellent source is the Ivanti blog (https://ivanti.com/blog). We typically provide a preview of new patches that are coming out as well as a round-up discussion of issues uncovered during the implementation of the patches.

Additional Resources

Just knowing what patches are available is great, but where can you go to get more in-depth information on what the real impact of the newly release patches is for your environment? Microsoft provides a free notification service to give you an idea of what is expected to release. They also provide an Exploitability Index that contains additional information about each patch.

Microsoft Technical Security Notifications:

https://www.microsoft.com/en-us/msrc/technical-security-notifications

Microsoft Exploitability Index Site:

https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1

Other vendors also realize the importance of a diligent patch management process. For example, Adobe provides a regular release schedule and ongoing security testing for many of its products.

https://helpx.adobe.com/acrobat/release-note/release-notes-acrobat-reader.html

https://helpx.adobe.com/adobe-connect/connect-releasenotes.html

Ivanti also provides a series of webinars on Minimizing the Impact of Patch Tuesday. This webinar series is typically hosted by a member of the Ivanti Data Team as well as Ivanti engineers who work with the products and customers on a regular basis. The webinars provide insight into each month’s patch releases and discusses their real world impact. You can sign up for the next session at the Webinars page.

https://www.ivanti.com/webinars

Now that you are up to your elbows in what Ivanti, Microsoft and other sources are telling you, let’s look to a vendor agnostic source. PatchManagement.org is a website created by security experts to provide a community for discussing all things patch related. This site provides the latest discussions on patches (Windows and Linux\Unix) by a wide variety of security experts. It also has great information regarding many patch vendors in the market. The goal of this site is patch management awareness and is meant to remain as vendor agnostic as possible.

http://www.patchmanagement.org

Related Topics

Console Software and Hardware Recommendations

Port Requirements and Firewall Configuration

Distributed Environment Management

Configuring Agentless Patch Management

Best Approach for Applying Patches in an Agentless Environment

Automating Patch Management in an Agentless Environment

Agent-Based Patch Management

Agent Rollout Options

Installing and Supporting Agents on Internet-Based Machines

Agent-Based Product Level and Patch Deployment Process

Microsoft SQL Server Database Maintenance

Performing Patching in a Disconnected Environment


Was this article useful?