Microsoft Patches

Hi all,

I was wondering how you/your company handles deployment of microsoft
patches on validated systems? what i’m wondering is are you
automatically installing patches as they’re rolled out on qualified
servers/workstations, or are you holding the patches until they’re

I know i’m going to get the ‘do a risk assessment’ answer (obviously
what the patch indends to fix needs to be evaluated and tested
appropriately on the application(s) IF deemed necessary). but i wanted
the rollout process and rationales/concerns.


At my current company, they roll them out as they come out. The
justification is that delaying them is probably more risky than applying
them. The OS is also considered the “black box” under the applications.

Of course, some day a patch may affect a program. Oh wait, that’s
happened–a security patch apparently has broken certain functions of our
EDMS when it’s accessed via web browser (the primary method people use to
access the system). If we use our Citrix client, it’s fine. Except for
those few functions when generating a workflow, the rest of the system works
with the patches in place.

So, that’s one way it’s being done.