I'm trying to compile lists of various patches I need to
apply for different customer systems I administer.
Trundling back and forwards through the list of various MS
patches evaluating them is getting overwhelming.
Do MS (Or anyone else) have the list of patches in
spreadsheet form, with what OS/component they apply to, if
they are included in any subsequent rollup or servicepack,
how critical they are, any issues they introduce and their
fix, etc.
This would be a godsend.
Regards,
Andy

Re: Spreadsheet of all MS security patches by Ken

Ken
Wed Oct 22 04:50:52 CDT 2003

You have multiple options.

The following URL lets you view all security bulletins, or you can select a
product (eg Windows 2000), and (optionally) the service pack level that the
product is at, and it tells you what patches you need to apply:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp?frame=true

You can also download the MS Baseline Analyser. You can point this at
individual machines or a whole domain, and it'll tell you what Windows,
Office, IIS and SQL Server patches you need to apply:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/mbsahome.asp?frame=true

The Security website is worth checking out - lots of tools, lists etc:
www.microsoft.com/technet/security/

Cheers
Ken

"Andy Hudson" <anonymous@discussions.microsoft.com> wrote in message
news:0ac601c3987f$639e67a0$a301280a@phx.gbl...
: I'm trying to compile lists of various patches I need to
: apply for different customer systems I administer.
: Trundling back and forwards through the list of various MS
: patches evaluating them is getting overwhelming.
: Do MS (Or anyone else) have the list of patches in
: spreadsheet form, with what OS/component they apply to, if
: they are included in any subsequent rollup or servicepack,
: how critical they are, any issues they introduce and their
: fix, etc.
: This would be a godsend.
: Regards,
: Andy



Re: Spreadsheet of all MS security patches by Charles

Charles
Wed Oct 22 07:16:44 CDT 2003

"Andy Hudson" <anonymous@discussions.microsoft.com> wrote in message
news:0ac601c3987f$639e67a0$a301280a@phx.gbl...
> I'm trying to compile lists of various patches I need to
> apply for different customer systems I administer.
> Trundling back and forwards through the list of various MS
> patches evaluating them is getting overwhelming.
> Do MS (Or anyone else) have the list of patches in
> spreadsheet form, with what OS/component they apply to, if
> they are included in any subsequent rollup or servicepack,
> how critical they are, any issues they introduce and their
> fix, etc.
> This would be a godsend.
> Regards,
> Andy

Andy,

I did this for about a year, but I spent as much time updating the
spreadsheet as I did downloading and installing patches.
Once patches started being released so frequently that one couldn't keep up
with the releases themselves, I gave up even trying to use the spreadsheet
and adopted the attitude that I would simply add the new patches (in most
cases) to the existing patch install routines, rather than try and remove
older patches as they became obsolete.

As we moved into third-party tools for patch distribution (currently
PatchLink), I began depending on the distribution mechanism to define what
patches were required for a given machine. I would patch with *all* patches
to patch level "x" at build, then allow the distribution tools to patch
moving forward.

If you want to create a sheet, I can give you a few tips. I created mine by
creating multiple sheets for OS, IIS (4.0 and 5.0 were separate), and SQL x
(My group doesn't work with desktops, so Office, Outlook, etc. are generally
superfluous).
Once I got to MS' security bulletin site, I would look up bulletins using
the appropriate filter (e.g. IIS4, NT4 SP6a). I would then cut and paste
the results page into my spreadsheet. NOTE** I included procedural
bulletins as , so that if a bulletin called for a registry change, I would
have the information readily available should someone need it.
This would give me the bulletin number, its title (description) and a link
back to the Security Bulletin. I added columns for such things as
criticality (for *our* organization, not necessarily the MS criticality), a
thumbnail of the vulnerability and its associated risks, how to repair
(e.g. patch or registry change) and a column for supersessions.

I *never* deleted from the sheet, I would only add. This enabled me to view
any given patch, its importance and its status (current or obsolete).


It will take you several hours (days?) to create and organize the sheet, but
if you are depending upon scripts and batch files to distribute your
patches, it may be well worth the investment. Now that MS has gone to
releasing patches on a monthly basis, rather than willy-nilly, you may find
that devoting a day a month to reviewing and updating will be sufficient to
keep the spreadsheet (and hopefully, your systems) current.


I know this wasn't the answer you were hoping for, but it may give you some
ideas on creating a matrix that will meet your needs.

hth,
Charlie
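
The add-only tracking sheet described in the post above, sketched in Python as an added example (it is not part of the original thread or any poster's code). The column names, the EX-nnn bulletin IDs and the example.invalid links are constructed placeholders; status is derived by following the supersession column, so obsolete rows stay in the sheet.

```python
import csv, io

# Constructed sample ledger; bulletin IDs, products and links are placeholders.
LEDGER_CSV = """bulletin,product,title,link,org_criticality,repair,superseded_by
EX-001,IIS5,Sample buffer overrun,https://example.invalid/EX-001,high,patch,EX-004
EX-002,IIS5,Sample registry hardening,https://example.invalid/EX-002,medium,registry,
EX-003,NT4-SP6a,Sample RPC flaw,https://example.invalid/EX-003,high,patch,
EX-004,IIS5,Sample cumulative patch,https://example.invalid/EX-004,high,patch,EX-005
EX-005,IIS5,Sample later cumulative patch,https://example.invalid/EX-005,critical,patch,
"""

def load_ledger(text):
    """Parse the sheet into {bulletin: row}; rows are only ever added."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["bulletin"] in rows:
            raise ValueError("duplicate bulletin " + row["bulletin"])
        rows[row["bulletin"]] = row
    return rows

def resolve(rows, bulletin):
    """Follow the supersession chain to the bulletin that is current."""
    seen = []
    while True:
        if bulletin in seen:
            raise ValueError("supersession loop: " + " -> ".join(seen + [bulletin]))
        seen.append(bulletin)
        nxt = rows[bulletin]["superseded_by"].strip()
        if not nxt:
            return bulletin
        if nxt not in rows:
            raise KeyError(f"{bulletin} superseded by unknown {nxt}")
        bulletin = nxt

def status(rows, bulletin):
    """'current' if nothing replaces this bulletin, otherwise 'obsolete'."""
    return "current" if resolve(rows, bulletin) == bulletin else "obsolete"

def install_list(rows, product):
    """Current bulletins to apply for one product, in sheet order."""
    return [(b, r["repair"], r["org_criticality"]) for b, r in rows.items()
            if r["product"] == product and status(rows, b) == "current"]

def supersede(rows, old, new):
    """Mark old as replaced by new without deleting either row."""
    if new not in rows:
        raise KeyError(new)
    rows[old]["superseded_by"] = new
    resolve(rows, old)  # raises ValueError if this edit created a loop
```
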



Re: Spreadsheet of all MS security patches by Charles

Charles
Wed Oct 22 07:31:47 CDT 2003


"Andy Hudson" <anonymous@discussions.microsoft.com> wrote in message
news:0ac601c3987f$639e67a0$a301280a@phx.gbl...
> I'm trying to compile lists of various patches I need to
> apply for different customer systems I administer.
> Trundling back and forwards through the list of various MS
> patches evaluating them is getting overwhelming.
> Do MS (Or anyone else) have the list of patches in
> spreadsheet form, with what OS/component they apply to, if
> they are included in any subsequent rollup or servicepack,
> how critical they are, any issues they introduce and their
> fix, etc.
> This would be a godsend.
> Regards,
> Andy

A follow-up to my previous post.

Even though I depend primarily on distribution tools now, I continue to use
hfnetchk (Shavlik version, not MS) and MBSA to double check systems on a
regular basis, just to keep myself and my distribution tools honest.

Remember, Chicken Little is alive and well....he's running most IT shops
these days.
It's a whole lot less time-consuming (and beneficial to job security) to use
additional tools to verify your patch status (not just running vulnerability
scanners) than it is to explain to a panicked CEO that you are sufficiently
protecting his/her 1000+ MS servers using the results of a single tool. I've
seen more than one ask, "How do you know this tool is correct?" Using a
couple of extra tools will lend at least some assurance to management that
servers are indeed protected.
Let's face it, if the CEO loses sleep worrying about the servers, you and
your entire staff will lose more.

If you do the up-front work to provide the additional reporting, your
management will be greatly relieved (and may feel less urgency when a new
vulnerability is announced) when you can provide accurate, *timely*
information to them.