Vulnerability Risk Mitigation - Patching the Microsoft Windows Environment

Vulnerability Risk Mitigation - Patching the Microsoft Windows Environment (PDF, 2.25MB)
Published: 20 Jun, 2002
Created by: Tracy Lynn

Vulnerabilities in Microsoft's products are being discovered with increasing frequency, and those who write code to exploit them are quick to take advantage of the opportunities presented by the defects. Well-known worms like Nimda and Code Red surface in response to previously known vulnerabilities for which known fixes exist. One of the administrator's ongoing challenges in fighting this problem is to maintain a current patch level on all servers and workstations under his or her control. Even in very small networks composed of only a few systems, this task is not trivial; in larger networks the operation becomes daunting, given the sheer volume of machines to patch, downtime considerations, and the personnel available to perform the updates. Automating this task is critical to keeping the environment protected. This manuscript discusses procedures for regularly patching a Microsoft Windows environment, beginning with a discussion of what vulnerabilities are, how they find their way into developers' code, and why they have become such an issue. The balance of the paper presents a number of options for patching the vulnerabilities, using either freely available tools or products that require purchasing licenses.