What is the best way to research Windows patches and updates for compatibility issues?

Besides calling the application vendor and hoping to get someone knowledgeable on the phone, what is a good way to research Windows patches to minimize the risk of conflicts as I patch my servers.

Thanks!
nhawkinsVAAsked:
Who is Participating?
 
btanExec ConsultantCommented:
typically when you receive Windows security or update bulletin, the details of each patch will detailed the implicated Windows platform and version, specifically found in their individual knowledge base. they are quite comprehensive and even include deployment rollout. e.g is the IE update below
http://support.microsoft.com/kb/917425

nonetheless, there should be staging area for testing patch on test machine before rollout of patches. this especially applicable for surfacing any other non windows system applications but specific to enterprise and third party software. there are cases where releases by AV cause drastic unintentional denial of services e.g. system cannot bootup, etc (due to replacement or wrongly denying of system files)

But it would be surfaced in staged testing prior patch deployment, but do note severity of patch any delay would expose attack surface longer.

Also the Windows application comptability tool is worth exploring too, even though it is platform specific

http://technet.microsoft.com/library/cc766242.aspx

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=24da89e9-b581-47b0-b45e-492dd6da2971&displaylang=en
0
 
Melannk24Commented:
It is recommended that all security patches be tested in a test bed of servers and workstations matching
your corporate business environment to ensure compatibility issues do not exist.  Microsoft is not going to know exactly what effect the patches are going to have on your unique environment.  There may be third party dependencies that are affected that haven't been reported yet.  It's best to test yourself and note any issues that you notice.   With the power of virtualization, this task can be performed at a lower cost.  We run virtual machines and test all patches prior to deployment.  Some use VMWare with LANDesk that gives you more options, like testing against standard configurations.  You can keep different baselines and choose to run the patches that affect those application baselines, nice and organized.  

Also, do you have a MS TechNet account, you don't have to get a full subscription to view the standard content, that is a great resource.  The MS bloggers will post information about patches, issues, workarounds.  You can always get valuable information from their experts.
0
 
nhawkinsVAAuthor Commented:
Thanks!
0
 
Melannk24Commented:
Glad to help.  Good luck with your research!  :-)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.