Patch Management: Windows
Microsoft releases Windows security updates on the second Tuesday of every month. An automated patch schedule for the managed Windows servers applies these patches in a timely fashion.
This article applies to: Managed Servers
Monthly Windows Updates
The best practice is to apply Microsoft patches at the earliest convenient time and not risk a system compromise. In many cases, the Windows Team will propose a time for your server based on server criticality you determine, and staff resources. When deciding on a time slot, please take these factors into consideration:
- The system remains operational during the patch install. The system is rebooted after maintenance. This reboot causes a 4-5 minute outage.
- Patch deployment may not be necessary every month if the vulnerabilities identified do not apply to our servers. However, in the event that no patches are needed, the servers will be rebooted every month, unless there is a customer need to remain available. With the large number of patches from Microsoft, you should assume that there will be critical patches every month and that patches will need to be installed with a reboot to follow.
- There is a risk that something won't function properly after the updates. This is very rare and in most cases, a patch can be uninstalled. The patching schedule takes this risk into consideration, and patches are applied to test, development, and non-critical systems first to mitigate potential failures.
If you have any questions, send e-mail to email@example.com.
Patching Time for Servers Assigned to You
You can see the patching times for the servers assigned to you on this page: http://sfinfo.cit.cornell.edu/sfinfo_app/htdocs/areamgrpatch_win.php. The Area Manager and technical contacts can modify the patching times.