Tip

Windows Server 8's patch management upgrades may be too good to be true

Imagine having the ability to patch multiple systems while maintaining continuous Windows Server availability. Sounds like an IT manager’s dream.

Well, that’s exactly what Microsoft is promising with Windows Server 8.

Requires Free Membership to View

Perhaps our Windows Server patching woes will ultimately go away? I’m not convinced just yet.

As Microsoft’s Bill Laing wrote on the Server and Cloud Platform blog, “one of the most common customer comments we have heard is that patching and updating servers is a costly and error prone process.” The same could be said for the automobiles we drive and the homes we live in; anything of substance or value is going to have to be maintained and we’re going to have bumps in the road along the way.

It’s not the process that’s really the problem. We’re merely experiencing a side effect of continually emerging threats, system architecture weaknesses and, arguably, code quality problems. Mix all of this into today’s complex IT environments and it’s a recipe for oversights, exploits and business downtime.

Laing goes on to say that Windows Server 8 will have “the ability to script workflows with PowerShell to make it an easier and repeatable process to patch multiple servers while maintaining continuous service availability.” This begs the question: why don’t we have an easy and repeatable process in place already? It’s 2011 for crying out loud. We know what needs to be done and we have the means to do it.

I believe the real problem lies in Windows administrators not having the proper tools (patch management and vulnerability management) to get the insight into their environments that they really need. This is the perfect example of my mantra: you can’t secure what you don’t acknowledge. It’ll be wonderful if Microsoft can help take the pain out of the patching process and set administrators and businesses up for success by helping them to “keep the joint running.” The clustering and cloud features in Windows Server 8 will no doubt help. We just can’t rely on Microsoft alone to fix all our security problems.

So, Microsoft promises high IT service uptime in Windows Server 8, but what’ll that really translate into? I remember when Windows Server 2003 was going to be a game-changer, especially given its timing with Microsoft’s Trusted Computing initiative. As we saw, it ended up being more of the same. Exploit, patch. Exploit, patch. Fast forward to today and patching Windows servers is as important as ever especially given how simple it can be for an insider – or outsider who has forced his way in – to find and exploit a missing Windows patch with the free and amazingly simple to use Metasploit tool.

Maybe I’ve got it all wrong. Perhaps soon we’ll see that the marriage of multi-server patching and continuous availability in Windows Server 8 equals painless updates with no downtime akin to Novell NetWare when it was in its prime. I’m not holding my breath.

ABOUT THE AUTHOR
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 22 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 10 books on information security. Kevin can be reached at www.principlelogic.com or you can follow in on Twitter at @kevinbeaver or connect to him on LinkedIn.

This was first published in October 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.