Scribd Logo
Upload

Welcome to Scribd!

  • Patch Deployment Process

    Uploaded by

    AmarnathReddy Kakumanu
    37 views3 pages
    This document outlines the patch management process for antivirus and Windows patches. It describes installing the latest antivirus version and testing new patches before deployment. Regular monthly patches are deployed across all PCs. Emergency out-of-band patches are deployed as soon as possible after approval when new exploits emerge. The process involves downloading, identifying applicable patches, testing, deploying to pilot and production PCs, monitoring, and handling out-of-band patches.

    Original Description:

    Original Title

    Patch Deployment Process (1)

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines the patch management process for antivirus and Windows patches. It describes installing the latest antivirus version and testing new patches before deployment. Regular monthly patches are deployed across all PCs. Emergency out-of-band patches are deployed as soon as possible after approval when new exploits emerge. The process involves downloading, identifying applicable patches, testing, deploying to pilot and production PCs, monitoring, and handling out-of-band patches.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    37 views3 pages

    Patch Deployment Process

    Uploaded by

    AmarnathReddy Kakumanu
    This document outlines the patch management process for antivirus and Windows patches. It describes installing the latest antivirus version and testing new patches before deployment. Regular monthly patches are deployed across all PCs. Emergency out-of-band patches are deployed as soon as possible after approval when new exploits emerge. The process involves downloading, identifying applicable patches, testing, deploying to pilot and production PCs, monitoring, and handling out-of-band patches.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 3

    Patch Management Process

    SUMMARY

    The objective of this SOP is to make all the user computers to get latest patches and security
    updates to avoid vulnerabilities and protect from virus, malware etc.
    Scope :
    This procedure will cover
    1. Antivirus Patch management
    2. Windows Patch Management
    Procedure :
    1. Antivirus Patch Management
    a. The latest version of Antivirus will be installed on the computer

    b. The new patch releases are under managed services


    c. The patches will be tested before deployment
    d. The testing team will be local IT SPOC and IT HO team
    e. To reboot the PC, post patch updates a pop-up notification will be triggered to user PC.
    f. If any missing PCs identified, the same will be tracked and patched accordingly.
    g. Daily and weekly reports will be generated

    2. Windows Patch Management

    Regular Patch update process

    Note: - All the monthly patches must be deployed on all the all PCs across the organization regularly
    Emergency Patch update process

    1. SECURITY BULLETIN RELEASE and DOWNLOAD FROM MICROSOFT


    Microsoft releases patches on the second Tuesday of every month. The patches will be
    down loaded on patch management tool.

    Note : Confidential and internal process only


    2. IDENTIFICATION
    Identification of security patches are performed to determine the updates which are
    applicable to client environment. The identification of security updates performed by DC tool.

    3. PATCH TESTING
    Before moving to the pilot phase, applicable set of security updates should be rolled out
    to Pre-Pilot work stations using Patch Management tool. It is highly recommended that
    workstations should be rebooted after security updates are applied and to get optimum
    performance from the system.

    4. RAISE CHANGE REQUEST FOR CAB CALL – PILOT & PRODUCTION (SEPARATE CRs)
    Change request should be created within IT Service Management tool detailing about the
    Security updates which will be rolled out to Pilot & Production Servers and workstation along with
    the schedule and any impacts which this change has in terms of reboot, user interaction etc. The
    respective Change ticket should be represented by Workplace services team to CAB and answer
    any queries if CAB has.

    5. COMMUNICATION
    A communication should be rolled out to client stakeholders informing them about the
    security bulletins which are applicable to environment along with the agreed scheduled.

    6. PILOT DEPLOYMENT
    Applicable set of security updates should be rolled out on Pilot PCs using Patch Management
    tool. It is highly recommended that workstations should be rebooted after security updates are
    applied and to get optimum performance from the system.

    7. PRODUCTION DEPLOYMENT
    Applicable set of security updates should be rolled out Production workstation using Patch
    Management tool. It is highly recommended that workstation should be rebooted after security
    updates are applied and to get optimum performance from the system.

    8. MONITORING
    Deployment of updates will be monitored using patch management tool (Desktop Central)
    reporting feature to track the progress of security / Patch updates on weekly basis. This is one the
    vital steps to keep the workstation environment compliant and vulnerability free.

    The above diagram shows the regular updates of the PC.


    Note : Confidential and internal process only
    OUT OF BAND SECURITY UPDATES RELEASE
    An out-of-band security update release is a patch released at some time other than the
    normal release time. The usual reason for the release of an out-of-band patch is the appearance
    of an unexpected, widespread, destructive exploit such as a virus, worm, or Trojan that will likely
    affect many Internet users. A good example is a so-called zero-day exploit, which takes advantage
    of a security hole on the same day that the vulnerability becomes generally known, so there is no
    elapsed time (zero days) between the discovery of the vulnerability and the first attack that
    comes as result of it. Below will be the out of band patch deployment process

    1. Communication to IT Security, asking approval for the deployment of out of band patch.
    2. Raise an emergency change request and ask for approval from CAB.
    3. Deploy the patch on all the workstations (asap).

    END

    Note : Confidential and internal process only

    You might also like