Quote:
Originally Posted by wodin
Large organizations don't just take Microsoft's patches on faith, they often have proprietary software or unique architecture that can be broken by a patch.
Typically, when a patch is released they will delay installation until it can be thoroughly tested in their environment, and only then will it be deployed across the enterprise. This will often delay implementation of a patch by days or weeks. I'm not sure if that was the case this time, but...
I once burned the midnight oil at an employer helping to clean out a virus infestation. The employer was not enforcing Windows updates. The virus got in through a vulnerability that had been patched months previous, but the patch had never been applied to the machine that was the vector. They rethought their policy on enforcing patches.
(I wound up being sent home via car service, because commuter rail had stopped running. I just told the driver "Wake me when we get there.")
Somewhat later we got acquired and merged, and new corporate parent provided the budget to do a company wide upgrade. Everyone got a WindowsXP box with a standard image including then current MS Office. Despite it being a pain to do the rollout, I was all in favor. While I was mainly the *nix admin, I supported desktops when I didn't duck fast enough, and I had Win98SE, WinNT Workstation, Win2K, and WinXP in my area of responsibility. The 98SE machine was a special source of pain, because the user needed to access one of my Solaris boxes as part of what he did. "Sorry, can't. Win98SE doesn't support the authentication needed to let his workstation connect via Samba..."
Getting the budget to do the upgrade was amusing. It was implemented in stages, and a lot of it was buried in "merger and acquisition" costs. It was explained that shareholders expected various costs when M&A happened, and it was all about not affecting the stock price, so the amount spent to do a much needed IT infrastructure upgrade was mostly tucked away in the details of the financial statements. (If I were a savvy shareholder of the parent company, I'd have blanched at the condition of the IT infrastructure in the newly acquired subsidiary, and been all in favor of investing the money to rationalize it.)
And part of the infrastructure issues was a legacy of my employer being the acquirer before the tables got turned, and there was a variety of legacy stuff around picked up when we bought a company with no attempt to fit it in. I raised a fuss at one point saying "We need to draw a line on what we support. When I spend half a day trying to resolve a problem with a program that has one user, there are other more widely used programs in the company that do the same thing, but the user in question wants to do what she's always done the way she's always done it, and doesn't want to make the effort to learn to use the same program everyone else does, and we don't say 'Too bad. Life goes on. Things change. You have to change with them.', there's a problem. I have other arguably far more important things to do, and this is a waste of my time."
______
Dennis