International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 1, January- June (2012), © IAEME 250 PATCH MANAGEMENT AND ANALYSING STRATEGY FOR MICROSOFT BULLETIN SECURITY A.Sankara Narayanan 1 , M.Syed Khaja Mohideen 2 , and M.Mohamed Ashik 3 Department of Information Technology, Salalah College of Technology, Salalah, Oman sankar2079@gmail.com , mohamed.syedkhaja@gmail.com , mohamed_ashik@yahoo.co.uk ABSTRACT As many realize, patching computers is a fact of life as part of the defense in depth security strategy. While it is essential to protect company IT assets from attack, patching vulnerabilities is only one part of the risk equation. System administrators consider the patching process to be a single step that provides a secure computing landscape. In reality, the patching process is a continuous cycle that must be strictly followed. Each step in the process must be tuned and modified based on previous successes and failures. Security fixes and feature improvements don't benefit the end user of software if the update mechanism and strategy is not effective. This paper is written for information technology managers and system administrators who want to automatically and securely keep all the computers in their network up-to-date with security patches and other updates. This paper presents one methodology for identifying, evaluating and applying security patches in a real world environment along with descriptions of some useful tools that can be used to automate the process. KEYWORDS Patch Management, Diffing, Security Patch, Patch Analyzer 1. INTRODUCTION Microsoft Patches usually released on the second Tuesday of each month. Starting with Windows 98, Microsoft included a "Windows Update" system that would check for patches to Windows and its components, which Microsoft would release intermittently. With the release of Microsoft Update, this system also checks for updates to other Microsoft products, such as Office, Visual Studio and SQL Server. Patch Tuesday begins at 17:00 or 18:00 UTC. Sometimes there is an extraordinary Patch Tuesday, 14 days after the regular Patch Tuesday. There are also updates which are published daily (e.g. definitions for Windows Defender and Microsoft Security INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) ISSN 0976 – 6367(Print) ISSN 0976 – 6375(Online) Volume 3, Issue 1, January- June (2012), pp. 250-257 © IAEME: www.iaeme.com/ijcet.html Journal Impact Factor (2011): 1.0425 (Calculated by GISI) www.jifactor.com IJCET © I A E M E