T 4.71 Problems when automating the distribution of patches and changes

Frequently, patches and changes are not distributed manually but centrally, with the support of software tools. Using such tools within the framework of patch and change management has advantages, but also disadvantages. In an organisation with a complex IT structure, even individual errors made while patching the IT systems can cause a great many security problems. This is particularly severe if software containing security gaps is installed on many systems simultaneously.

If errors occur only occasionally, they can often be remedied manually. However, problems arise if an IT system is permanently unavailable in the LAN, for example the computers of field representatives who connect to the LAN only rarely or irregularly. If the tool is configured in such a way that updates are only distributed within a certain period of time, and not all IT systems are available during that period, these IT systems cannot be updated.
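
One way to detect the systems that fall through such a distribution window is to reconcile the window against connection records. The following is an added example, not part of the original catalogue entry; the host names, session data, window and the 30-minute minimum connection time are constructed assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data (hypothetical hosts): LAN sessions per host as
# (connect, disconnect) pairs; sessions of one host are assumed not to overlap.
SESSIONS = {
    "srv-file01":  [("2024-03-04 00:00", "2024-03-09 00:00")],
    "pc-office17": [("2024-03-05 08:00", "2024-03-05 17:00")],
    "nb-field03":  [("2024-03-01 09:00", "2024-03-01 11:00"),
                    ("2024-03-08 14:00", "2024-03-08 16:00")],
    "nb-field07":  [("2024-03-05 21:50", "2024-03-05 22:10")],
    "nb-field09":  [],
}
# Assumed distribution window and minimum connection time needed for an update.
WIN_START = datetime.strptime("2024-03-05 06:00", FMT)
WIN_END = datetime.strptime("2024-03-05 22:00", FMT)
NEEDED = timedelta(minutes=30)

def connected_in_window(sessions, win_start, win_end):
    """Total time a host was connected to the LAN inside the window."""
    total = timedelta()
    for start, end in sessions:
        lo = max(datetime.strptime(start, FMT), win_start)
        hi = min(datetime.strptime(end, FMT), win_end)
        if hi > lo:
            total += hi - lo
    return total

def missed_hosts(sessions_by_host, win_start, win_end, needed):
    """Map every host that could not be updated in the window to the reason."""
    missed = {}
    for host in sorted(sessions_by_host):
        connected = connected_in_window(sessions_by_host[host], win_start, win_end)
        if not connected:
            missed[host] = "not connected during window"
        elif connected < needed:
            minutes = int(connected.total_seconds() // 60)
            missed[host] = f"connected only {minutes} min"
    return missed

if __name__ == "__main__":
    for host, reason in missed_hosts(SESSIONS, WIN_START, WIN_END, NEEDED).items():
        print(f"{host}: {reason} -> schedule follow-up update")
```

Hosts reported here need a follow-up distribution or a manual update before they can be considered patched.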

Example:

In a company, more stringent packet filter rules were installed on the security gateways (firewalls). As a consequence, the LAN was no longer accessible. Automated repair was not possible either, and manual repair took a very long time. During this time, no server services were available, costing the company time and money.