Background: Microsoft has a very impressive infrastructure for delivering operating system patches once a system has been deployed. But, at the time of deployment, a system is vulnerable, both to security risks, and also to hardware-related issues that are exposed by the operating system. Dell installs a number of Microsoft operating system patches on our server systems to ensure they leave the factory with critical operating system patches already installed.

What Dell Installs
Security Patches – each security patch that Microsoft deploys is reviewed by Dell OS experts, and we generally install only security patches for issues that could lead to an immediate vulnerability, either in our factory or in the customer’s environment prior to running Windows Update. This does mean that some patches Microsoft may rate as “critical” are not installed, but the patches for the greatest vulnerabilities that do not require user intervention to exploit a server will be installed.
A security patch we ALWAYS install is the latest Cumulative Security Update for Internet Explorer so the web browser is as secure as possible when we ship the system from Dell.
Operating system patches – Microsoft releases many patches that are not critical for security (and might not be automatically downloaded to a system when Windows Update (WU) is invoked), but may indeed be very important for proper system operation.
Usually, these types of patches are associated with newly developed hardware, such as a new CPU, or we may reach new thresholds that had not previously been tested and expose OS anomalies.
One example is the Dell PowerEdge R910 that supports 1TB of memory – this amount of memory had not previously been available on X64-based servers.
Another example is new CPUs with more cores per CPU.
In addition, new OS features, such as Hyper-V, can also bring issues out that had not been seen in the initial OS release and require patches to function properly.
As Dell finds issues in development and patches become available, we install these in our factory image to ensure the best possible customer experience. In some cases, Dell has worked directly with Microsoft to develop and deploy new patches that fix issues discovered in development.
Important Customer Information
First, since Dell selectively installs Microsoft patches, it is still imperative that customers run Windows Update prior to server deployment into a production environment to ensure complete coverage for all Microsoft patches.
Second, Dell updates factory software only every quarter to keep the changes manageable for our customers (in some rare exceptions, a patch must be installed on an emergency basis, such as for a zero-day exploit that exposes both customers and our factory). This means there will be more recent security patches we will not have factory-installed, so again, run Windows Update.
This document will be updated quarterly to include the latest set of patches we factory install.
What We Install – Dell Factory Patch List
Dell installs patches for all OSes (not just Microsoft), but for Windows server versions, we install patches for all OSes we ship (since Windows Server 2003 is no longer shipping, I do not cover the patches we shipped with that OS):
1) Windows Server 2008 SP2*
2) Windows Server 2008 R2*
*Dell also ships some specialized versions of these OSes (based on the above OS versions), such as SBS 2008 – those also receive the patch set relevant to the underlying core OS.
