patching on virtual machines

sns 9,226 Reputation points

Installing patches on window server and linux server and window os machines, please suggest how to proceed for below vulnaribilites

and if I do windows update from start button, will below vulnerability cover?

User's image

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,390 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Sina Salam 5,556 Reputation points

    Hello @sns

    Welcome to Microsoft Q&A and thank you for posting your questions here.

    Your questions are to know how to proceed for below vulnerabilities managements and if windows update from start button, will resolve vulnerability listed.

    When vulnerabilities are detected on Windows and Linux servers, as well as Windows operating system machines, it's crucial to address them promptly to enhance the security and protect your systems from potential threats. Here's a general guideline on how to proceed:

    1. Patch Management Process
    2. Windows Server
    3. Linux Server
    4. Windows Operating System Machines
    5. Documentation and Reporting
    6. Monitoring and Continuous Improvement
    7. Backup and Recovery
    8. Security Policies and User Education

    Taking the above one after the others will resolve the issue and prevent the same to happen in the future. Firstly, you need to follow the how to implement a structured patch management process that includes the following steps:

    a. Vulnerability Assessment,

    b. Vulnerability Prioritization,

    c. Test Patches,

    d. Deploy Patches,

    e. Schedule Downtime,

    f. Monitor and Verify.

    After patch deployment, monitor the systems to ensure they are functioning correctly and that the vulnerabilities have been mitigated.

    Now, what goes in between the steps are many efforts:

    Handling your Windows Server as stated in number 2. For Windows servers, use Microsoft's Windows Update services or Windows Server Update Services (WSUS) for patch management. Additionally, consider the following:

    • Ensure that Automatic Updates are enabled and configured.
    • Regularly check for updates from Microsoft and apply critical and security updates as soon as they are released.
    • Use Group Policy to manage and control updates in a Windows Server environment.

    Handling your Linux Server, the approach to patch management may vary depending on the distribution. Commonly used package managers for various Linux distributions includes:

    • Debian/Ubuntu: use apt or unattended-upgrades.
    • Red Hat/CentOS: Use yum or dnf.
    • SUSE: Use zypper.
    • Others: Refer to the package manager specific to your distribution.

    Additionally, you can consider using configuration management tools like Ansible, Puppet, or Chef to automate patch deployment across multiple Linux servers.

    Windows Operating System Machines, for individual Windows operating system machines, you can follow these steps:

    • Enable Windows Update to automatically download and install important updates.
    • Set up a regular schedule for Windows Update to check for updates.
    • Manually check for updates and install them when needed.
    • Consider using Group Policy to enforce update policies for Windows machines in a corporate network.

    Ensure you perform number 5 to 8 as stated for future purposes.

    I hope this is helpful! PS: Do not hesitate to let me know if you have any other questions.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam