Pauli commented in “is there a Microsoft approved way to keep our boxes patched up?“


Yes, actually



If you use, like he does, only uses Windows Update and MBSA, you’ll miss the asp.net vulnerability mitigation patch and the ISA server patch and some “fix up“ patches like our Exchange 2003 sp1 post patch. 


For Pauli, I’d recommend continuing what he’s doing, WU and MBSA, but add visiting that Download page.  I do need to ping back to Microsoft that the ISA server patch isn’t yet listed on that page but it was “just“ rereleased the other day to fix up an issue that they were having.


There is currently a public beta going on of something called WUS or Windows Update Services but its a BETA, at this time does not include SQL server or ISA server, and SHOULD NOT under any circumstances be run on a production box.  We’re still on our way to “patch heaven”.   We’re not there yet, so we’ll have to be a bit more patient.  Aligning all the products to use two patch engines and getting them into a “one engine” patch mechanism has taken time.


I personally would recommend that you check out Shavlik.com’s HfnetchkPro.  It’s still my way way way preferred method of patching.  Through the kindness of their hearts they offer a free version that patches 1 server, 10 workstations.  About three years ago or so, I bought and put on maintenance their Hfnetchpro.  You’d have to pry my dead fingers off that interface.  I do wish they would have a per seat pricing structure, but even the 25 user version is only $24 per computer.  Look at it that way, and my data is way worth more than $24!  I do a combo of HfnetchkPro AND the download page to keep me patched up.


Thanks Pauli for the comment and I hope this helps?

 

One Response to So you think you are patched, revisited

  1. Pauld says:

    Thanks for the tips, didn’t realise the SBS community provided personalized blog responses 🙂