Patch Window

How long do you guys wait to apply patches in the pre-production environment before production after Microsoft Patch Tuesday?

We’re not a Windows shop on the server side but here’s what we do:

  • Developer environments run updates daily. Reboots occur weekly to apply anything that needs a reboot (kernel updates, mostly, for Linux).
  • User test environment is patched at least monthly (monthly unless critical issues are found). The patching includes reboots/updating containers & recycling them.
  • Production is patched a few days after the user test environment to give time to determine if any of the non-prod patching was impactful.

Regardless of the above cadence, exploitable zero-days are patched immediately.

Thank You!