ASP.NET.in.a.Nutshell.Second.Edition [Electronic resources] نسخه متنی

9.4 Patching

The best use of the preceding techniques will not protect your
application if you miss the important practice of patching.
Patching is the
practice of applying vendor-provided fixes to the software you use to
run your web application. Whether it's your web
server, your database software, your operating system, or any other
software used in your application, running without security patches
installed is an invitation to hackers everywhere.

Fortunately, Microsoft is working to make the patching process
easier, with tools such as Windows Update, and a relatively new
tool, the Microsoft
Baseline Security Analyzer (MBSA). MBSA Version 1.1, available at
http://www.microsoft.com/technet/security/tools/Tools/MBSAhome.asp,
provides both GUI and command-line interfaces for scanning local and
remote machines for patch status and common misconfigurations of the
following products:

• Windows NT 4.0

• Windows 2000

• Windows XP

• IIS 4.0 and 5.0

• SQL Server 7.0 and 2000

• Internet Explorer 5.01 and later

• Office 2000 and 2002

• Exchange 5.5 and 2000 (patch scanning only)

• Windows Media Player 6.4 and later (patch scanning only)

In addition to tools like Windows Update and MBSA, you can also sign
up for notifications of security bulletins at http://www.microsoft.com/technet/security/bulletin/notify.asp.

Regardless of how you find out about patches, it is imperative that
you keep all software associated with your web application patched
and up-to-date.