Microsoft has addressed the increasing complexity of software patching with the release of Systems Management Server (SMS) 2003.
SMS 2003, which was launched on 11 November, is a distribution platform for deploying updates for all types of Microsoft Windows systems. It forms a key plank of the company's Dynamic Systems Initiative, an effort to simplify and automate the management of Windows software, in particular patching.
Patch management has become a hot topic for IT managers, following the barrage of virus and worm attacks aimed at Windows systems over the summer.
Some users say the amount of time and effort required to patch systems against threats is becoming unreasonable. For example, one business said it spent four days downloading a patch to protect itself against the MSBlaster virus.
Scott Charney, chief security strategist at Microsoft, told Computer Weekly that he wanted to see improvements in the way the company handles patch management. "We need better installation and distribution processes for patches," he said.
One of Charney's biggest concerns was the time it takes for patches to be made available to users. Once a security issue has been identified, hackers have a window of opportunity that stays open until the patch has been released and users have installed it.
"We need to be in a position to make patches available within 24 hours of a security alert," he said. Ideally, PCs should be updated with new patches automatically without any intervention, Charney added.
SMS 2003 brings this goal a step closer by reducing the time needed to prepare and deploy Microsoft security patches - as well as operating system and application updates - into a production environment.
The software continuously monitors the status of security patches across the network and includes a wizard that administrators can use to rapidly deliver updates as new patches become available.
The release of SMS 2003 comes soon after Microsoft announced a series of measures designed to make its products more secure, including reducing the frequency of publishing "non-critical" security notices from a weekly to a monthly basis.