Windows Patching Frequency Best Practice

Mark Cockrell
Level 1

I wanted to inquire how often everyone is applying Windows OS patches to their UCCE Windows VMs? (e.g. Monthly/Quarterly/Semi-Annually/etc.)

For the partners out there with managed service practices, when you onboard a new customer, how often do you recommend patching to occur?

The current standard in my organization is monthly patching of Windows systems, but with all UCCE servers sitting in private IP space behind a firewall this seems overly aggressive and burdensome while only adding marginal benefit / risk mitigation.

7 Replies

Chris Deren
Hall of Fame

I have seen this all over the board; my recommendation is quarterly unless there is a critical security vulnerability, in which case do that ASAP.

For huge organizations monthly seems to be standard. I prefer a quarterly approach, especially if you patch your lab first and then production.

 

david

We patch the Windows servers of UCCE every 60 days, tonight in fact. Lab first, then we schedule a production Side B window. We test & run active for a day on Side B servers, then we patch Side A.

Hi,

Cisco doesn't say anything particular about it. It's based on the client requirement. We have been doing the monthly patch update on all UCCE Windows servers at the end of every month. The weekend after the Microsoft patch / security update release, we apply it on our test servers and monitor for one week. Then, if we don't see any issues, we apply it on the production servers, followed by a controlled reboot process.

So far, a couple of times we faced issues with an update: for the recent one, Microsoft itself released a bug fix; for the other one, we removed the specific KB from the server.

 

 

@Shalid Kurunnan Chalil Can you share more about how you identify the specific problem KB and remove it after installing the list of updates? Many thanks!!

As others have said, quarterly seems the better way to go if you can, as far as minimizing impact, etc. Plus, it gives any potential bugs or changes in behavior that the patches themselves introduce time to work themselves out.

Also, don't forget other things that are patched in addition to Windows, and the impact that those items can have for you as well (Java for instance).