90% of workstations are running Windows. Malware, Ransomware, Trojan... All these security threats use Windows to make damages. Let see how you can protect yourself against them...
On the second Tuesday of each month, Windows releases a set of updates to fix some bugs or vulnerabilities. However, hundred vulnerabilities are discovered each day. Unfortunately, unless a big security threat is revealed, such as Specter or Meltdown, Windows will wait until the second Tuesday of the month to release a new patch to fix the discovered vulnerabilities...
We can't change this... However, what we can do is improve our patch management to reduce security risk! Here are some quick wins that will help you to maintain a good security level without big efforts.
- WSUS (Windows Server Update Service): This service allows you to distribute updates for Windows or other Microsoft components to all your environment with the same set of rules. Chosen updates are configured once and rolled out on the whole environment. This reduces management and increases security.
- SCCM (System Center Configuration Manager): This powerful tool will help you to manage updates on PCs, servers and mobile devices from a single management console. But it can do much more!
- GPO (Group Policy Object): With a GPO, you can prevent users from postponing or cancelling the updates. You can also schedule updates according to your convenience and avoid user complaints. Users will not even notice the updates whilst their systems are kept safe.
- Best Practices Planning (Dev, Test, Prod.): Because Windows releases updates on the second Tuesday of the month, we recommend you to deploy updates on development or test environment the next day. Regarding the production environment, you should wait one week to let updates make their "youth diseases". We recently had an example with Windows 7/Windows Server 2008 R2.
Deploying updates following the right schedule reduces the time your infrastructure is vulnerable to new vulnerabilities.
Let's use these tools wisely and increase our infrastructure's security!