Re: Patch confusion

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 03/22/04


Date: Mon, 22 Mar 2004 04:12:14 -0800

Service Packs are cumulative. How patches roughly work is this:
- Service Packs are a rollup of everything released prior to them.
- QFEs are point-fixes for certain issues and may add/remove
functionality/fixes of other QFEs since the last Service Pack on rare
occasions
- A Security Rollup is like a mini Service Pack of just the security-related
fixes, all integrated (addresses the QFE rare issues)

The reason it is complicated is because customers are complicated. Some
customers want point-fixes for issues and infrequent Service Pack rollups.
Others only want cumulative security fixes augmented by infrequent Service
Pack rollups. Still others just want to have the latest all the time, and
others want very infrequent Service Pack releases. To make as many people
happy as possible, patches are what you see, and nothing is compulsory.

For people who don't want to manage all this, Windows Update should handle
it all. On clean OS installs, I usually go to Windows Update and pick up
the latest Service Pack first. Then, I start selecting all security rollups
and install them, and then individual security patches in chronological
order. Last, I go over all the non-mandatory updates to see if I want any of
them.

As for securing an IIS box -- patches are only part of the story. You are
still responsible for configuring your server securely, balanced against
usability and functionality. Security patches are merely fixes made by
Microsoft to close unexpected issues and assume you have secured your
server (i.e. patches do not secure your server; patches mitigate particular
vulnerabilities and say nothing about your server's security).

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jay" <contij@jbb.com> wrote in message
news:2E816EA7-F87C-4FFA-B891-9EE86F00712B@microsoft.com...
Just installed Win2k server with IIS 5.0, ran Windows Update, OS is now at
service pack 4.
I've downloaded several of the IIS 5.0 patches posted in TechNet, all seem
to req. service pack 2. Does this mean the service pack 4 I'm on now has all
the necessary security patches in place? Is there anything else I need to do
to secure this IIS box? Many thanks.

