I know of a case at a Fortune 100 company where they had that policy. Several years ago, a SQL Server worm got into their network because of their delayed policy. Much of the company was brought down for about three days due to the worm.
What do they expect to find that Microsoft didn't discover in testing the patch on thousands of configurations?
>My IT group has a "policy" where they age all Microsoft patches for 30 days before rolling them out to nearly 100 machines.
>
>I feel this practice is dangerous and puts everyone at risk. I think that at least for the High Priority Security patches they should be installed immediately.
>
>The IT group claims that they install these on a machine in their lab and allegedly "test" it.
>
>What you think?
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer