Do you push non-security patches? (i.e. hotfixes, product updates, etc.)

I work for an organization with about 11,000 computers, and we are switching from Altiris/SMP to SCCM. We've always struggled with pushing patches in SMP, and have experienced a lot of issues with their patching product (especially lately). Now I've always
been a big proponent of preventive maintenance, so I have always been on the side that we should push hotfixes, and product updates, along with security related patches. Unfortunately we have had a bad spell with patching lately, and I am starting to rethink
this strategy.
I was curious what the general consensus is. We don't have a lot of time for patching, and I am worried the issues with non-security patches are going to distract us away from patching that really is critical. Basically consider anything that has
a severity rating of 'none'.
So what is the general consensus; do you only push security updates, or do you push non security updates too?
Appreciate your time.

in our organisation (45,000 workstations), we adopted ConfigMgr and Windows7 at the same time.
(we migrated from WinXP and HP CA / Radia).
When we did this, I made the decision "if there's a patch in the catalog, and it's Required on at least 1 PC, we will acquire/test/release it".
This doesn't include "hotfixes" since those aren't published into the WSUS feed from MU, nor does it include "CU's" for Office.
(Almost) Everything in the feed is what we do, as long as it passes our testing protocols. Some things, we skip. (stuff like MSRT and CheckSUR). We also skip stuff that doesn't apply in our locale (Australia), e.g. the EU stuff, and Japanese pop words dictionaries.
We have Win7, Win8.0, Win8.1. 32bit and 64bit. Office 2007/2010/2013. We have IE8/9/10/11. We have no WinXP.
I don't cover patching for WindowsServer (that's a different team, and they don't use ConfigMgr at all).
It seems to me (and I'm convinced that I'm not alone), that MSFT have accelerated the release cycle of a lot of patches since Win8 was released, largely dropped the concept of ServicePacks, and, there are shorter cycle-times now (which surely must mean there
is less testing being done at MSFT).
So I'm not overly surprised that in the last 6 months there have been quite a few patches released then withdrawn then revised.
Even those with Security/Severity ratings.
I'm still in favour of releasing non-security updates to our estate, so that's what I do.
But, patching = change, and change=risk. Some risk mitigation is addressed by testing, but we can't test every feature of everything.
Not patching is also a risk. (how long will you put up with the internal noise about those really annoying defects?)
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Similar Messages

  • Can you add the security patch to iphone 5 without updating to ios7? i want to keep ios6

    can you add the security patch to iphone 5 without updating to ios7? i want to keep ios6

    Updating the iOS will Install the most current Version.
    Suggest you use iTunes on your Computer to Update from 6 to 7.
    See the Using iTunes Section Here...
    How to update your iPhone, iPad, or iPod touch

  • HT1338 Hi, I'm trying to load Facetime on my MacBook and it says "You are missing a critical security patch. Please use Software Update to install Security Update 2010-005". I've checked and all my software is updated. What do I do?

    Hi, I'm trying to load Facetime on my MacBook and it says "You are missing a critical security patch. Please use Software Update to install Security Update 2010-005". I've checked and all my software is updated. What do I do?

    First off, iOS 5 will not run on Macs.   You need to give us your Mac OS X on your Mac to determine which security update you need.  Go to Apple menu -> About This Mac.     And then read the link here:
    http://support.apple.com/kb/HT1222

  • How to apply Security Patch

    How do I apply the "DOS Attack" security patch for WLS 6.1 on Win2K
    Please help
    Thanks

    Balram,
    Put the jar file in the front of your classpath to apply the patch.
    Regards,
    Michael
    Stephane Kergozien wrote:
    Hi Balram,
    You will find security patches for WLS 6.1 in the following URL
    http://dev2dev.bea.com/index.jsp
    advisories and notifications Paragraph
    Regards
    Stephane
    Balram wrote:
    How do I apply the "DOS Attack" security patch for WLS 6.1 on Win2K
    Please help
    Thanks--
    Regards,
    Stephane Kergozien
    BEA Support--
    Michael Young
    Developer Relations Engineer
    BEA Support

  • Applying advisor security patches

    HOw do you implement advisor security patches on WLS 8.1
    Max

    When i am applying getting bellow error
    Oracle Home : /usr/app/oracle/product/11.2.0/client_1
    Central Inventory : /usr/app/oraInventory
    from : /etc/oraInst.loc
    OPatch version : 11.1.0.6.6
    OUI version : 11.2.0.1.0
    OUI location : /usr/app/oracle/product/11.2.0/client_1/oui
    Log file location : /usr/app/oracle/product/11.2.0/client_1/cfgtoollogs/opatch/opatch2013-05-29_15-35-07PM.log
    Patch history file: /usr/app/oracle/product/11.2.0/client_1/cfgtoollogs/opatch/opatch_history.txt
    ApplySession applying interim patch '16504136' to OH '/usr/app/oracle/product/11.2.0/client_1'
    Running prerequisite checks...
    Prerequisite check "CheckApplicable" failed.
    The details are:
    Patch 16504136: Required component(s) missing : [ oracle.bi.biinst, 11.1.1.6.0 ]
    ApplySession failed during prerequisite checks: Prerequisite check "CheckApplicable" failed.
    System intact, OPatch will not attempt to restore the system
    OPatch failed with error code 74
    [oracle@PDC-CRM-BI01 16504136]$ OPatch failed with error code 74

  • HT6147 If my iPhone and iPad both say I have  7.0.6 and under "General",  "Software Update" I receive the message "iOS  7.0.6  Your software is up to date" can I assume that the security patch has been installed and activated?

    If my iPhone and iPad both say I have  7.0.6 and under "General",  "Software Update" I receive the message "iOS  7.0.6  Your software is up to date" can I assume that the security patch has been installed and activated?

    Yes, you have the Security patch.

  • Best Non secured card for me using transunion ....

    im looking to get a non secured card. my transunion score is 621. i have two baddies on my report (Loan and Lease) 5 months old and 2 years old.   was approved for secured capital one which im waiting for it to report.  i was hoping to get a non secured cc or store cc. any suggestions  etc. thnk you

    moneyshot23 wrote:
    im looking to get a non secured card. my transunion score is 621. i have two baddies on my report (Loan and Lease) 5 months old and 2 years old.   was approved for secured capital one which im waiting for it to report.  i was hoping to get a non secured cc or store cc. any suggestions  etc. thnk youThe baddie is too recent for Barclays.  I'd stay away from thme until at least a year.  Are there any particular stores you like to shop at?

  • Security Patches List

    Hi All,
    Can someone suggest the place where I can get the list of security patches published for Solaris 8, 9, 10 operating system from its inception?
    Regards,
    Jeevan

    Hi All,
    Currently i am looking for the list of non security patches released by microsoft during years 2007 to 2009.
    I am aware that most of these patches are very old and newer version (superseeded) patches have been released by microsoft.
    But i have a very specific requirement from our business client to make these patch list available.
    Please assist me in getting the list of patches for the mentioend period .(any link or KB containing corresponding list will do)
    Thanks in adavance :)
    For non-security updates, I only know of these lists (which includes Security updates too)
    Description of Software Update Services and Windows Server Update Services changes in content for 2014
    http://support.microsoft.com/kb/894199
    (refer to the "References" section for other related articles/years)
    -=-=-=-
    Updates from Past Months for Windows Server Update Services
    Displayed by past months, this page lists all new, revised, and rereleased updates for Microsoft products other than Windows (for example, Microsoft Office).
    http://technet.microsoft.com/en-us/windowsserver/bb456965
    (monthly/yearly articles)
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Creating new databases after latest security patch applied

    10.2.0.4
    If I create a database AFTEr applying the opatch for the October 2009 security patch, do I need to also run:
    @catbundle.sql cpu apply
    Or is it included in the create database? I use the DBCA to create new databases.

    user8574962 wrote:
    This is what Oracle states on metalink doc id: 422303.1
    Once the bundle patch or the Critical Patch Update (CPU) patch is applied on an ORACLE_HOME should you run post-installation scripts for every newly created Oracle database using the same ORACLE_HOME?
    Solution
    This should be documented in the patch's README as the answer will vary with each patch.
    If the patch's README is not documented, then the Post Install tasks should be run.
    And this is what the OCTCPU09 README says:
    3.3.3 Post Installation Instructions for Databases Created or Upgraded after Installation of CPUOct2009 in the Oracle Home
    These instructions are for both non-RAC environments and RAC environments when a database is created or upgraded after the installation of CPUOct2009.
    You must execute the steps in Section 3.3.2.1, "Loading Modified .sql Files into the Database" for any new database only if it was created by any of the following methods:
    Using DBCA (Database Configuration Assistant) to select a sample database (General, Data Warehouse, Transaction Processing)
    Using a script that was created by DBCA that creates a database from a sample database
    Hope that helps.Point taken that it could vary by patchset, but those particular instructions quoted square exactly with what I had said. To quote with emphasis:
    "You must execute the steps . . . for any new database *only if* it was created by any of the following methods . . ."
    And what are those methods? Creating the database from a sample (pre-patch) database. If one uses dbca to create a 'custom' database, the resulting scripts will start from scratch with a CREATE DATABASE command - no pre-patch version sample or seed database involved.
    :-)

  • Missing Security Patches

    1) Are there any useful facilities for admins or auditors to idenitfy misisng security patches associated with oracle EBS and supporting infrastructure? I know there are websoites saying which patches are out there but I could do with some sort of "this is what you are missing" type reports.
    2) Do Oracle have any useful whitepapers on best practice patch management for EBS, i.e. how to test, steps for restore if its affects anything etc.

    Hussein Sawwan wrote:
    release 12 EBS, 11g Oracle.The release does not matter here.
    Do any of the links you provide produce a missing patches report that would be easy to read for management/non EBS adminsYes.
    Patch Wizard FAQ [ID 976688.1]
    New Required Patches for Patch Wizard, Patch Manager, and Oracle Application Change Management Pack for Oracle E-Business Suite Releases 11i, 12.0, and 12.1 [ID 1267768.1]
    Patch Wizard Overview Videos [ID 1210479.1]
    Patch Wizard : Overview [ID 1077813.1]
    Diagnostics Toolbox: Recommended Patch List and Patch Wizard [ID 1196135.1]
    Oracle Applications Patching Procedures
    http://download.oracle.com/docs/cd/B53825_03/current/acrobat/121adpp.pdf
    http://forums.oracle.com/forums/search.jspa?threadID=&q=Patch+AND+Wizard&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
    http://search.oracle.com/search/search?search_p_main_operator=all&group=Blogs&oq=Patch+Wizard&x=0&y=0&q=Patch+Wizard+weblog%3A%3DstevenChan+site%3Ablogs.oracle.com
    Thanks,
    HusseinThanks Hussein,
    I am going to read through those links, but could you do me a bit of a cheat sheet on how to get a report on all missing security patches for our EBS and supporting infrastructure, and what it will look like. I.e. a basic 1-5 steps on where to get this report.

  • SSO to ITS through WebSEAL gives secure/non-secure messages

    Hi
    We running the following setup:
    EP6 SP14
    Stand-alone ITS 6.20 patch 18
    4.7 R/3 Enterprise
    TAM/WebSEAL 5.1
    We are running SSO through WebSEAL to the portal and everything seems to be working just fine.
    But when we try to access a transactional iView or an IAC iView running on the ITS server I get a pop-up message saying "This page contains both secure and nonsecure items."
    We are accessing WebSEAL through HTTPS, we are running HTTPS between WebSEAL and the portal and HTTP between WebSEAL and ITS.
    I have tried to access the ITS through WebSEAL without using the portal, and I still get the message. So it must be something between the WebSEAL and the ITS server.
    Does anybody have any ideas what is causing this?
    Cheers,
    Jacob Vennervald

    The "secure and non-secure" message, displayed when accessing ITS through WebSEAL when using IE and HTTPS, is caused by an empty source reference (<IFRAME ... SRC="" ...>) within the ITS menu page (...d_menu.html).
    The integration guide, available on the <a href="http://www-1.ibm.com/support/docview.wss?uid=swg24003605">IBM website</a> and the <a href="http://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/developerareas/ibm">SAP SDN</a>, contains the information on how to stop the message from appearing.
    The message should not be displayed when accessing ITS through WebSEAL using HTTP.
    Regards,
    Peter Tuton.

  • Secure and non-secure access to the web application in one war

    Say we have one web application (in one war) which includes JSP, servlets and the security intercepter. There is one business requirement to have most of the JSP(s) accessed via HTTPS, but a few JSP(S) accessed via HTTP.
    My questions are:
    a. Is this possible, or a reasonable requirement or a good practice?
    b. if yes, what can we do to make it happen in the security intercepter implementation?
    c. If not, what is the technical reasons?
    Thanks much.

    a) Yes its is reasonable and good practive, there is an overhead using https, so you should only encrypt file you need to. When you use an online store, only account details / payments are https, the shop itself is http
    b) I dont really understand your difficulty. You can define a folder as 'secure' and put all your secure pages in this folder, leaving non secure files in a different folder. Whenever a page in the secure folder is accessed, https is automatically invoked.

  • Webi scheduling error in BO 4.0 SP04 after security patch updates in windows server 2008 R2

    We are getting  below error in BO 4.0 SP04 Web Intelligence report scheduling after security patch updates in windows server 2008 R2
    while trying to invoke the method com.businessobjects.sdk.core.server.IServer.getServerContext() of an object returned from com.businessobjects.rebean.wi.impl.services.DocumentInstanceManagementServiceImpl.getServer(com.businessobjects.sdk.core.context.IContext, com.businessobjects.rebean.wi.model.engine.IDocumentInstance)
    We have reverted back security patch but still giving above scheduling problem in  BO 4.0 SP04 WebI and we can view and refresh report.
    Is there any way to fix the scheduling problem in BO 4.0 SP04 WebI?

    HI,
    Check SAP notes if they will help you.
    1934855 - Scheduled Web Intelligence documents fail with com.businessobjects.sdk.core.server Error
    1916443 - Scheduling Web Intellignce reports which are having long names to excel and pdf fails.
    1792921 - Unable to schedule Webi documents in Excel or PDF format

  • Hi, I don't know how to find a specific security patch to apply to my Oracle database version to fix a vulnerability

    Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
    Risk: High
    Application: oracle_tnslsnr
    Port: 1521
    Protocol: tcp
    Synopsis:
    It is possible to register with a remote Oracle TNS listener.
    Description:
    The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
    legitimate database server or client to an attacker-specified system.
    Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
    or denial of service attacks on a legitimate database server.
    Solution:
    Apply the work-around in Oracle's advisory.
    Thank you for your help

    2835604 wrote:
    Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
    Risk: High
    Application: oracle_tnslsnr
    Port: 1521
    Protocol: tcp
    Synopsis:
    It is possible to register with a remote Oracle TNS listener.
    Description:
    The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
    legitimate database server or client to an attacker-specified system.
    Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
    or denial of service attacks on a legitimate database server.
    Solution:
    Apply the work-around in Oracle's advisory.
    Thank you for your help
    that sounds like the "tns poison" vulnerability.  CVE 2012-1675 - Oracle Security Alert CVE-2012-1675
    See MOS note 134083.1  and 1453883.1

  • Your system is missing a critical Windows security patch (MS12-020) required to gain access to this system

    Hi,
    I am trying to install VPN Client from my client site. While installing i am facing the below error.
    Your system is missing a critical Windows security patch (MS12-020) required to gain access to this system. Use the link below for more information on installation, or open Windows Update and install all available critical updates. When you're finished updating
    your system, log out and try again. If you're still having problems, contact your system administrator.
    http://support.microsoft.com/kb/2621440
    I went through all the related sites but still i did not find any solution. Under Windows installed updates i could see the security update for Microsoft windows (KB2621440). If its already exist why it is not taking this security patch? 
    Kindly guide.
    Best Regards,
    Yadav Kankanwadi

    Hi,
    Based on Microsoft Security Bulletin MS12-020, this security update resolves two privately reported vulnerabilities:
    KB2621440 and KB2667402.
    http://technet.microsoft.com/en-US/security/bulletin/ms12-020
    Thanks!
    Andy Altmann
    TechNet Community Support

Maybe you are looking for