Hack 83 Apply Patches in the Correct Order

figs/moderate.gif figs/hack83.gif

Deploying patches properly can sometimes mean applying them in the right order, as this experience can testify.

There is a specific order you should follow when applying Microsoft security patches. Microsoft's policy (a little understated) is that you need apply patches in the order in which they are released. Understanding Microsoft's naming convention for security patch releases is definitely critical for you to understand patch order. See the article at http://www.myitforum.com/articles/20/view.asp?id=5894 to understand the security patch naming convention.

What could happen if you patch out of order? Microsoft's patches are released with the assumption you have a patch-management policy in place and that you have applied all patches to date. So, when they develop the next patch, they also assume that the system to which you will apply the latest patch release has the proper file versions.

If you apply the patches out of order, you can effectively overwrite a secure file. For example, say the RPC DCOM worm is patched by using MS03-026. If you have this patch, you will not be affected by the worm. But if you apply MS03-010 after you apply MS03-026, a secure DLL will be overwritten with an insecure one, reopening the vulnerability that MS03-026 patches.

Why would someone do this, you might ask? The RPC DCOM worm was something you couldn't get away from. The Department of Homeland Security issued warnings, Microsoft issued warnings, and the warning was blasted all over TV and Internet. This woke up a bunch of system administrators, so they patched with MS03-026. And, since they were patching, they might as well get the other patches they had missed up to that point, applying MS03-010 after the fact.

So, make sure that you are apply your patches in the order in which they are released. If you have some catching up to do, take the extra time to get it right!

?Rod Trent