You will probably hear from time to time that a security bug was detected in a Microsoft product that you use. Most of the time, a fix/patch is released within a few days of its discovery. Do not install any of these patches before doing extensive testing. Often, these bugs will have little or no effect on your BizTalk solution, and since Microsoft rarely does regression testing on their patches, the patches can often do more harm than good.
Keep your ear to the ground in the weeks following the release of a patch. If the signals are OK and you are convinced that you need to install the patch, install it on the test environment, do the necessary regression testing, and if no problems occur, you can release it to the production environment.
You should accompany every patch with a protocol that should at least describe:
■ On which servers it needs to be installed.
■ How the patch should be installed.
■ What tests should be performed to confirm that the patch is installed properly.
■ How the patch can be uninstalled in case it causes problems.
You can find information on Windows-related updates, patches, and service packs at http://windowsupdate.microsoft.com. Every Windows version comes with a Windows Update utility that helps to automatically detect which available updates are not installed on your system. Never use this utility directly on the production servers, and never do any type of product update over the Internet from them. Additionally, Microsoft delivers a tool called "Windows Critical Update Notification" that frequently checks whether new updates are available. This is a handy tool, but again, never install it on production servers. Avoid any circumstance that can change the installation of the production servers. Instead, place an "Update" server in the demilitarized zone that has all applications in use installed on it. Let this server run the Update Notification programs to keep you informed about the available updates.