Three guys got together over pints in February 2009 and talked about how one of the issues facing Technical Professionals today is keeping their systems patched and up to date. This issue was brought up to them at a User Group meeting they were attending (Ottawa Windows Server User Group) where we were participating in an “Ask the Microsoft Guy” panel discussion.
Over pints at D’Arcy McGee’s, Pierre Roman, Bruce Cowper and I decided we would try to help solve the issue of information overload regarding patching and put together a timely podcast to go live each “Patch Tuesday”.
- Use plain English terms and everyday language that any technical professional can understand – minimize “corporate speak”.
- Break down each Security Bulletin with summary information first, followed by more details on the impact an IT Pro would face.
- Outline mitigation factors in case patches couldn’t be tested or applied in a timely fashion.
- Keep it to 20 minutes OR LESS. This one is critical – Keep It Simple, repeatable and get out of the IT Pro’s way so they can get on with their day.
- Have fun!
Well – this is the 4th attempt and it’s 2 days after Patch Tuesday. We’re late. We got caught not being in the same city and got busy like technical professionals do and we ended up here. Sorry about that – we’ll try to not let it happen again. For the 5 of you listening – I’ll buy you a pint next time I’m in town.
Back to the update - have a listen directly from the embedded Silverlight player OR subscribe to the specific feed and download it to your iTunes / Zune software. There were a bunch of updates this month so we had lots to cover. We still ended up with some nice conversation at the end around lifecycle and patch deployment.
As always - if you have suggestions on making it better - please pass on your comments. Mail me directly – firstname.lastname@example.org
Subscribe to the podcast: (so you don't miss an episode)
Disclaimer: This podcast was produced with the best information available to us at the time of recording. Your primary source for all things Security Bulletin related should always be the Microsoft Security Response Center blog.
Bulletins discussed for June 9th, 2009:
- MS09-018 - addresses a vulnerability in Microsoft Windows (KB 971055) – rated Critical
- MS09-019 - addresses a vulnerability in Microsoft Internet Explorer (KB 969897) – rated Critical
- MS09-020 - addresses a vulnerability in Microsoft Internet Information Services (KB 970483) – rated Important
- MS09-021 - addresses a vulnerability in Microsoft Office (KB 969462) – rated Critical
- MS09-022 - addresses a vulnerability in Microsoft Windows (KB 961501) – rated Critical
- MS09-023 - addresses a vulnerability in Microsoft Windows (KB 963093) – rated Moderate
- MS09-024 - addresses a vulnerability in Microsoft Office (KB 957632) – rated Critical
- MS09-025 - addresses a vulnerability in Microsoft Windows (KB 968537) – rated Important
- MS09-026 - addresses a vulnerability in Microsoft Windows (KB 970238) – rated Important
- MS09-027 - addresses a vulnerability in Microsoft Office (KB 969514) – rated Critical
Podcast Participants: Pierre Roman, Bruce Cowper and myself.
Additional Technical Show Notes:
Microsoft Support Lifecycle page: http://support.microsoft.com/lifecycle
List by product families: http://support.microsoft.com/gp/lifeselect
Here is the official wording of the Security Update policy from Microsoft:
Microsoft will provide security update support for a minimum of 10 years (through the Extended Support phase) for Business and Developer products. The security updates will apply only to the supported service pack level for these products.
Microsoft will provide security update support through the Mainstream Support phase for Consumer, Hardware, Multimedia products. The security updates will apply only to the supported service pack level for these products.
- Both the Mainstream Support and the Extended Support phases require that the product’s supported service pack level be installed to continue to receive and install security updates.
- Security updates will be available from Windows Update during the Mainstream Support phase, and the Extended Support phase (if available). Note that technical limitations in Microsoft Office 2000 require that it remain an exception to this process. Updates will be provided only through the Microsoft Download Center for the duration of its Support Lifecycle.
- Microsoft advises customers to install the latest product releases, security updates, and service packs to remain as secure as possible. Older products, such as Microsoft Windows NT 4.0, may not meet today’s more demanding security requirements. Microsoft may be unable to provide security updates for older products.