Definition of Microsoft patches

Find out what types of new code introductions are included in Microsoft patch management in this book excerpt from Chapter 1 of "The complete patch management book."

The complete patch management book Get a glimpse inside the e-book "The complete patch management book" by Anne Stanton, president of Norwich Group, and Susan Bradley, Microsoft Small Business Server MVP. This series of book excerpts will help you navigate Chapter 1, "What is patch management?," courtesy of Ecora. Click for the complete book excerpt series.

Definition of Microsoft patches

In the Microsoft world, patch management included all of the following types of new code introductions:

  • Critical Update: This is not a security update but a fix for an issue in broadly applied software. It is publicly available and has an accompanying knowledge base article.
  • Driver Update: This updates software that supports and controls hardware. Driver updates may come from either the software vendor or the hardware vendor.
  • Feature Pack: Software package that includes non-critical additions to the base software program. It typically appears between major releases.
  • Hotfixes: Patches built to address specific issues. Recipients may not distribute hotfixes outside their organizations without written authorization from Microsoft. Get them FREE by calling Microsoft Product Support Services. Hotfixes do not receive the regular testing process.
  • Security Update: This is what we traditionally refer to in patch management circles. There is a severity rating included with each update, as is a security bulletin discussing the issue and a Knowledge Base article describing the patch in detail.
  • Service Packs: These are cumulative packages of hotfixes, security updates, critical updates and updates. A service pack undergoes both internal and external testing.
  • Software Update: This is any update, update rollup, service pack, feature pack, critical update, security update or hotfix.
  • Update: This addresses a non-critical, non-security issue.
  • Update Rollup: This is a cumulative package of hotfixes, security updates, critical updates and updates, collectively tested for easy deployment.
  • Upgrade: This software updates and upgrades an application to a newer version while keeping the settings and data from the prior program.

Each of these categories requires the same process and procedures of testing, acceptance and management sign off. Each must go through a process no matter the size of an organization. We will spend the bulk of our time in this document on security updates.

Footnotes: "Description of the standard terminology that is used to describe Microsoft software updates," (Redmond, WA: Microsoft, Inc., 2004).

Click for the next excerpt in this series: What is a patch?

Click for book details or get more information from Ecora.

Read more on IT risk management