How long do you guys wait to apply patches in pre-production environment before production after Microsoft patch Tuesday?
We’re not a Windows shop on the server side, but here’s what we do:
- Developer environments run updates daily. Reboots occur weekly to apply anything that needs a reboot (kernel updates, mostly, for Linux).
- User test environment is patched at least monthly (monthly unless critical issues are found). The patching includes reboots/updating containers & recycling them.
- Production is patched a few days after the user test environment to give time to determine if any of the non-prod patching was impactful.
Regardless of the above cadence, exploitable zero-days are patched immediately.
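As an added illustration of the ring cadence described in the answer above (not the poster's own tooling), the script below computes Patch Tuesday for a month, derives the dev/test/prod windows from it, and flags hosts whose last patch is older than their ring allows. The lag values, the per-ring maximum ages and the inventory are assumptions constructed for the example; the zero-day flag collapses every ring's allowance to zero, matching the "patched immediately" exception.

```python
from datetime import date, timedelta

# Assumed maximum patch age per ring, derived from the cadence above:
# dev daily, test at least monthly, prod a few days after test.
MAX_AGE_DAYS = {"dev": 1, "test": 31, "prod": 34}


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the month (Microsoft's regular release day)."""
    first = date(year, month, 1)
    offset = (1 - first.weekday()) % 7  # weekday(): Monday=0, Tuesday=1
    return first + timedelta(days=offset + 7)


def ring_windows(year: int, month: int, test_lag: int = 1, prod_lag: int = 3) -> dict:
    """Assumed lags: test a day after Patch Tuesday, prod three days after test."""
    pt = patch_tuesday(year, month)
    test_day = pt + timedelta(days=test_lag)
    return {"dev": pt, "test": test_day, "prod": test_day + timedelta(days=prod_lag)}


def overdue_hosts(inventory: list, today: date, zero_day: bool = False) -> list:
    """Return (name, ring, age_in_days) for hosts outside their ring's allowance.
    With zero_day=True every ring must be patched immediately."""
    overdue = []
    for host in inventory:
        allowance = 0 if zero_day else MAX_AGE_DAYS[host["ring"]]
        age = (today - host["last_patched"]).days
        if age > allowance:
            overdue.append((host["name"], host["ring"], age))
    return overdue


# Constructed sample inventory (not real hosts).
INVENTORY = [
    {"name": "dev-01", "ring": "dev", "last_patched": date(2024, 3, 12)},
    {"name": "uat-01", "ring": "test", "last_patched": date(2024, 2, 14)},
    {"name": "prod-01", "ring": "prod", "last_patched": date(2024, 2, 17)},
]

if __name__ == "__main__":
    print("windows:", ring_windows(2024, 3))
    print("overdue:", overdue_hosts(INVENTORY, date(2024, 3, 14)))
    print("overdue (zero-day):", overdue_hosts(INVENTORY, date(2024, 3, 14), zero_day=True))
```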
Thank You!