Quote:
Originally Posted by wodin
Large organizations don't just take Microsoft's patches on faith, they often have proprietary software or unique architecture that can be broken by a patch.
Typically, when a patch is released they will delay installation until it can be thoroughly tested in their environment, and only then will it be deployed across the enterprise. This will often delay implementation of a patch by days or weeks. I'm not sure if that was the case this time, but...
|
When MS releases a critical security patch, you either install it. Or face the results. There's a REASON it's a critical security patch.
I work in a mid-size organization with a fairly diverse set of hardware and software across a dozen countries. I also work in a small business environment with a VERY diverse set of software but mildly diverse hardware. And I work _with_ one of the largest and most diverse organizations in the world running Microsoft OS's. At all three, we install patches. Full stop. Each has a somewhat different protocol for installing, but every single one gets critical security patches installed within a matter of a few days.
As for XP? There is zero excuse for allowing an XP machine to be connected to an external network these days. And, frankly, at none of those three organizations would we allow one to be connected to our network. That being said, a case can be made for a legacy, busines-critical LOB app but only if it's sitting on an isolated machine. If your app is mission critical, then update it to an OS that was released more recently than 15 years ago! In the case of the UK's NHS? Many didn't even have BACKUPS! With PATIENT DATA ON THEM. That is just inexcusable.
I've been in IT for >30 years. I've heard every excuse under the sun.