Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Offline Microsoft Patching InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Offline Microsoft Patching

Published: 2006-12-14
Last Updated: 2006-12-14 05:20:42 UTC
by Swa Frantzen (Version: 3)
0 comment(s)

Heise brings us "Offline Update 3.0" to do offline installations of Microsoft patches.

Read more about it at: http://www.heise-security.co.uk/articles/80682

Now this is a great concept. You can actually make a DVD to install the patches before you connect a PC (that's out of date on patches) to the Internet. If you think you can safely do that without this tool, take a second and think it through knowing that some of your friends needing a house call might have a USB connected DSL or cable modem and therefore not be using NAT, next take a look at the survival time and think how long it takes to get a windows system from original media to a fully patched status.

So, if you're going to visit parents, family or friends over the holidays, start your preparation now and make that disk today to take along. It'll improve the obligatory "Could you take a look at our computer while you're here?" response time dramatically and gives you a safe way to reinstall systems without a hardware based firewall.

If you have networks that you do not want to connect to the Internet cause the risks involved of doing that are just too big for the sensitivity of the involved data this might also become a way to patch those off-line machines.

Update: Simon wrote in mentioning AutoPatcher as an alternative solution.

Update: "Mads" reminded us Microsoft makes available ISO images with some of the patches on a monthly basis.

--
Swa Frantzen -- Section 66

0 comment(s)
Diary Archives