Updating a web server

on 21.09.2007 23:04:02 by georgedschneider

Is there a security risk of patching my web server via Microsoft Update while
the websites are running? Or should I shut down IIS prior to doing this? My
thought is I could update the server and schedule a reboot at a later time.

Re: Updating a web server

on 22.09.2007 07:41:14 by David Wang

On Sep 21, 2:04 pm, George Schneider
wrote:
> Is there a security risk of patching my web server via Microsoft Update while
> the websites are running? Or should I shut down IIS prior to doing this? My
> thought is I could update the server and schedule a reboot at a later time.



Your statements actually have no correlation with each other, so I'm
not certain what you are trying to ask.

Here's what you need to know -- patches need to be installed and
active for their benefits to be realized. Some patches may require
rebooting the system to become active, and they will indicate this
requirement.

So, there is no risk correlation between patching while the website is
running, nor is there a correlation with shutting down IIS.

Updating the server and scheduling a reboot at a later time MAY leave
your system vulnerable IFF the patch requires a reboot.

By default, the patch installations will favor security and tell you
if you need to reboot or not. So, you just need to worry about whether
you want to apply a patch and when to apply a patch.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: Updating a web server

on 27.09.2007 21:06:01 by JDMnAR

Another thing to keep in mind is that some patches actually impact IIS when
they are being installed, not just when the system is rebooted. I can think
of at least one instance where a .Net Framework security update actually
caused IIS services to restart.

"David Wang" wrote:

> On Sep 21, 2:04 pm, George Schneider
> wrote:
> > Is there a security risk of patching my web server via Microsoft Update while
> > the websites are running? Or should I shut down IIS prior to doing this? My
> > thought is I could update the server and schedule a reboot at a later time.
>
>
>
> Your statements actually have no correlation with each other, so I'm
> not certain what you are trying to ask.
>
> Here's what you need to know -- patches need to be installed and
> active for their benefits to be realized. Some patches may require
> rebooting the system to become active, and they will indicate this
> requirement.
>
> So, there is no risk correlation between patching while the website is
> running, nor is there a correlation with shutting down IIS.
>
> Updating the server and scheduling a reboot at a later time MAY leave
> your system vulnerable IFF the patch requires a reboot.
>
> By default, the patch installations will favor security and tell you
> if you need to reboot or not. So, you just need to worry about whether
> you want to apply a patch and when to apply a patch.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
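An added example, not part of the thread and not written by any of the posters: a PowerShell check for the two situations discussed above, an installed patch that is still waiting on a reboot and IIS services that were touched during installation. The function names are illustrative, and the registry locations are the commonly used pending-reboot markers, assumed to be readable from an elevated prompt on the web server.

```powershell
# Added example: report pending-reboot markers and the state of the IIS services.
# Function names are hypothetical; run from an elevated prompt on the web server.

function Test-PendingReboot {
    $reasons = @()

    # Created by the Windows Update agent when an installed update needs a restart.
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') {
        $reasons += 'Windows Update: RebootRequired'
    }

    # Created by Component Based Servicing (Windows Vista / Server 2008 and later).
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') {
        $reasons += 'Component Based Servicing: RebootPending'
    }

    # Files queued for replacement at next boot. In-use binaries stay unpatched
    # until then. Installers other than updates can also populate this value.
    $sm = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
                           -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if ($sm -and $sm.PendingFileRenameOperations) {
        $reasons += 'Session Manager: PendingFileRenameOperations'
    }

    return $reasons
}

function Get-IisServiceState {
    # W3SVC is the World Wide Web Publishing Service, IISADMIN the IIS Admin Service.
    foreach ($name in 'W3SVC', 'IISADMIN') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { '{0}: {1}' -f $svc.Name, $svc.Status }
        else      { '{0}: not installed' -f $name }
    }
}

$pending = @(Test-PendingReboot)
if ($pending.Count -gt 0) {
    Write-Output 'Reboot pending; installed updates may not be active yet:'
    $pending | ForEach-Object { "  $_" }
} else {
    Write-Output 'No pending-reboot markers found.'
}
Get-IisServiceState
```

Running it once before and once after an update session shows both whether a deferred reboot is still outstanding and whether the installation left an IIS service stopped.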