Patch Management In The Enterprise, Part I

Introduction

It seems that everyone is doing the worm these days. No, we are not referring to the awkward break-dance move made famous in the 1980s, but rather to small bits of code written for the sole purpose of infecting as many vulnerable computers as possible. While many IT professionals are still cleaning up after the Zotob worm, we felt it would be an excellent time to reflect on a topic that should be near and dear to the heart of every system and network administrator: patch management.

For a lot of large IT organizations, patch management is still a relatively new concept. Many hadn't even contemplated a patching strategy until August 2003, when the MS Blaster worm ravaged the systems of the unprepared. Blaster utilized an RPC (remote procedure call) vulnerability in Windows systems, allowing it to spread like wildfire - it infected over eight million PCs worldwide. This crippled many organizations for weeks, while service packs and hotfixes were quickly tested and applied, often manually.

Everyone has heard the expression "time is of the essence," and it is certainly applicable to the world of patch management. The amount of time between Microsoft's release of a security advisory and the presence of a worm in the wild built to exploit said vulnerability is shrinking. Here are examples that show the trend:

  • MS Blaster Worm (2003): Appeared in the wild about a month after the advisory was posted by Microsoft.
  • Sasser Worm (2004): Appeared in the wild approximately two weeks after the advisory was posted by Microsoft.
  • Zotob Worm (2005): Appeared in the wild only about a week after the advisory was posted by Microsoft.

The old-fashioned virus doesn't even make the top three for most organizations.

These shrinking timelines put a lot of pressure on IT professionals to ensure that the tools and processes they have in place are capable of patching their workstations and servers quickly. The goal of this article is to look at common issues one might experience when trying to apply security patches and software updates in an enterprise-level environment, and how they can be addressed through either technology or manual process. In a follow-up article, we will analyze several patch management solutions on the market that your organization may be interested in using.