MSP Blog Logo

Cyber Security

Business Growth

Sales and Marketing

IT Services


Empowering Your MSP Business to Grow and Prosper—One Post at a Time


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

Practicing Unsafe Patching: IT SNAFU Day 2

Posted December 11, 2014by Brandon Garcin


Once upon a time, we didn’t have to worry about patching or software updates. We’d simply buy a computer, use it until it stopped working (or became obsolete), and then upgrade to the next model. And while this approach wasn’t particularly cost-effective, it certainly helped keep things simple.

With the release of Windows 95, Microsoft introduced “Windows Update”—a web-based portal offering additional desktop themes, games, device driver updates, and other optional content that didn’t ship with the operating system (OS) itself. Rather than wait for a hardware refresh or a complete OS upgrade, users could now install incremental updates that helped keep machines up-to-date with all the latest features and capabilities.

Fast forward to the present day, and software updates have become far more complex—and far more important. And for many users, particularly in business environments, the intricacies and inner-workings of a given update don’t really matter—all that matters is that machines are working as they should.

Without question, the most prominent (and most important) patches today are security patches. Cybercriminals and hackers are more dangerous than ever before, and software providers are constantly writing, rewriting and updating code to protect against viruses, threats, and any unwanted exposure of user or machine information.

But just because a new patch is released doesn’t mean businesses should immediately drop everything and install the update. From time to time, patches will contain unseen vulnerabilities, have installation issues, or even prevent machines from successfully rebooting once the installation is complete.

For MSPs and solution providers, there’s a clear message here: If you aren’t taking the time to properly test patches before applying them, you’re putting yourself—and your clients—at risk.

Better Safe Than Sorry

Your clients are looking to you as more than just a vendor—you’re a trusted partner and technology advisor, and your services need to reflect that. By testing and researching patches before pushing them to your clients’ machines, particularly Microsoft security updates and critical Windows patches, you can provide added security and peace of mind for both yourself and your customers.

So what does “testing” actually mean here? For starters, you’ll want to create a testing environment of your own—take a few machines and designate them specifically for this process. Install new updates and patches on these machines, and spend some time tinkering to determine if any unwanted side effects are popping up. Make sure there’s some diversity in the environment, too—take a few servers, a few desktops, and make sure you’re testing updates across multiple operating systems.

You’ll also want to conduct a bit of research to see if others have uncovered any problems you aren’t experiencing in your own testing environment. The Web is your friend here—there’s no shortage of online forums, communities and groups filled with valuable information from others who have done patch testing of their own. Doing this research will not only help you verify your own findings, but can also yield some valuable insights you may not have tested for—i.e. how a new security patch will impact third-party software like Adobe. Yes, this can take some time; but in the end, it’s worth it.

Here are a few additional patch testing considerations and best practices:

Flexibility is Essential

The ability to maintain unique patching policies for various client sites is an absolute must-have. Your customers have varying needs, and office hours can differ significantly from one business to the next—your patch policies need to be flexible enough to support whatever your customers can throw at you.

If a customer employs traditional 9-5 business hours, chances are machines are being switched off overnight—so patches need to be pushed during the day. A client requiring 24x7 uptime, on the other hand, may prefer to push patches at 2am when fewer employees are present (to minimize interruption).

The ability to maintain separate patch policies for desktops and servers in your RMM tool is also essential, as is the ability to identify critical vs. non-critical updates.

White-Listing and Black-Listing

This is a great way to help demonstrate the value of patch testing to your clients. White-listing and black-listing patches is simply a process of identifying those patches that have been tested and approved for installation, as well as those that have been deemed unsafe. Creating lists and sharing this information with your clients not only helps you showcase the effort you’ve put into the testing process, but also serves as a great resource to help you reinforce your value as a managed services provider—particularly for those customers whose offices you aren’t visiting all that often.

Already a partner? We've uploaded the latest Microsoft Security Patch Whitelist and Blacklist PDFs to Collaborate. Get list of safe & unapproved patches here!

Don’t Assume Everything is Working Just Fine

You shouldn’t assume that a given patch has installed successfully—and just because a machine successfully reboots doesn’t necessarily mean everything is working smoothly. Take a moment to double check that the update was actually successful (hint: your RMM tool should be able to produce a report tracking patch success/failure). 


There’s no denying the importance of software patches and updates today—and MSPs are uniquely-positioned to act as trusted advisors and gatekeepers when it comes to implementing these updates. Take the time to test critical security patches before pushing them to your clients’ machines—both you and your customers will be glad you did.


Watch Webinar: Relieving Patching Pains

Brandon Garcin is Continuum's Director of Content Marketing, and is responsible for the creation and execution of a variety of resources designed to win new business and support existing customer accounts. He has authored more than a dozen eBooks which have generated thousands of downloads, and has consulted with hundreds of Continuum partners to help improve their marketing and lead generation efforts through website optimization and content development. Brandon is also the host of The Weekly Byte, a video and audio series produced by Continuum that provides quick, digestible tips and best practices that MSPs can use to help their business succeed.

Topics: IT Services

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus