Hosted Microsoft Application Level Vulnerabilities Remediation Over Servers Part 3…
Let's discuss how Microsoft application servers are patched in relation to the monthly patches.
A. First of all, we need to know which applications we are talking about:
- Database Application
- SharePoint Application
- Exchange Application
- Visual Studio and so on
These applications are hosted on servers. Database applications manage databases (SQL, for example), SharePoint manages sites for sharing and storing internal data and reports, and Exchange is used to distribute mail in internal or externally connected environments.
B. These servers are among the critical servers. The applications are managed by an application team, or by a dedicated team for each application.
Let's move on to how the team patches these application servers.
- These servers may have a different patch cycle from the monthly fixes.
- They will be patched once a quarter or after two quarters.
- Microsoft releases service packs that include all updates and security fixes released since the previous service pack's release date.
- So some organizations prefer to deploy service packs instead of the monthly released fixes.
- But you have to check whether any security updates have been released. Those should be deployed even if they fall outside the agreed patch cycle.
- The process is the same as in the OS-level patching story. You can follow the points below.
a. They will first collect the details of all required fixes from a tool such as Qualys, Rapid7, SCCM, BigFix or Intune.
b. The most suitable and reliable way is to ask the vulnerability management team to scan the servers for application server updates.
c. They will provide the exact list of KB articles that need to be deployed on the servers. The list will not be limited to application server updates; they will also tell you about other related updates that have been released.
d. Then the application server team will request approval for the fixes from the server owners.
f. Next, and most important, is the implementation, which is performed in phases (test, non-production and then production servers) to avoid any service drop or server failure.
g. At this point, the team will raise a CHANGE request for downtime. This will be a known downtime, and activities such as rebooting and installing packages will be performed in that window.
h. The activity in point 6 will mostly be performed during non-business hours on test and non-production servers. Production server patching will happen on weekends.
i. The result will be validated by vulnerability management 48 hours after patching if an agent is installed; if you have scanners, you can start scanning after 12 hours.
j. If you find servers that are still pending for the monthly patching, the best way is to raise a request in their bin or start a mail drill to complete this activity.
k. Now repeat steps i and j until all servers are fixed.
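The validation loop in steps i to k can be tracked with a small script. The following is an added example, not part of the original post: it reconciles the required KB list from step c against scan results, applies the 48-hour (agent) and 12-hour (scanner) waits from step i, and reports which rollout phase from step f is still open. All server names, KB numbers, field names and dates are constructed for illustration.

```python
from datetime import datetime, timedelta

# Step i: validate 48 h after patching with an agent, 12 h with a scanner.
VALIDATION_DELAY = {"agent": timedelta(hours=48), "scanner": timedelta(hours=12)}
PHASES = ["test", "non-production", "production"]  # rollout order from step f

# Constructed sample data (placeholder KB numbers, hypothetical hosts).
REQUIRED_KBS = ["KB0000001", "KB0000002"]
NOW = datetime(2024, 1, 8, 9, 0)
SERVERS = [
    {"name": "sql-test-01", "phase": "test", "method": "agent",
     "patched_at": datetime(2024, 1, 5, 22, 0), "found_kbs": ["KB0000001", "KB0000002"]},
    {"name": "sp-nonprod-01", "phase": "non-production", "method": "scanner",
     "patched_at": datetime(2024, 1, 7, 23, 0), "found_kbs": []},
    {"name": "exch-nonprod-01", "phase": "non-production", "method": "scanner",
     "patched_at": datetime(2024, 1, 6, 22, 0), "found_kbs": ["KB0000001"]},
    {"name": "sql-prod-01", "phase": "production", "method": "agent",
     "patched_at": None, "found_kbs": []},
]

def pending_report(required_kbs, servers, now):
    """Map server name -> (status, missing KBs).

    Status is 'not-patched', 'waiting' (too early to trust a scan),
    'pending' (validated, KBs still missing) or 'fixed'.
    """
    report = {}
    for s in servers:
        if s["patched_at"] is None:
            report[s["name"]] = ("not-patched", sorted(required_kbs))
        elif now < s["patched_at"] + VALIDATION_DELAY[s["method"]]:
            report[s["name"]] = ("waiting", [])
        else:
            missing = sorted(set(required_kbs) - set(s["found_kbs"]))
            report[s["name"]] = ("pending", missing) if missing else ("fixed", [])
    return report

def open_phase(servers, report):
    """Earliest phase with a server that is not 'fixed'; None when all are done."""
    for phase in PHASES:
        if any(report[s["name"]][0] != "fixed" for s in servers if s["phase"] == phase):
            return phase
    return None

if __name__ == "__main__":
    rep = pending_report(REQUIRED_KBS, SERVERS, NOW)
    for name, (status, missing) in rep.items():
        print(f"{name:16} {status:12} {', '.join(missing)}")
    print("Phase still open:", open_phase(SERVERS, rep))
```

Servers reported as pending are the ones to chase in step j; rerun after each scan until no phase is open.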
Continued