This module provides an introduction to update management and explains why update management is essential for enterprise systems.
This module also describes the processes used within Microsoft to develop and release software updates, and shows how these relate to the steps you should take for proactive security update management.
Finally, the four-phase update management process that Microsoft recommends is introduced, with more details presented in the following modules.
Every Microsoft product group includes a sustaining engineering team, which develops software updates for problems that are discovered after the product has been released.
When Microsoft is made aware of a security vulnerability, the issue is evaluated and verified by the MSRC and the appropriate product groups.
Table 1: Important Security Terms

An unchecked buffer in a program that can overwrite the program code with new data.
If the program code is overwritten with new executable code, the effect is to change the program's operation as dictated by the attacker.
Directed attacks can be carried out locally or remotely, and can include an exhaustive search for one of many possible vulnerabilities, including software vulnerabilities, weak passwords, weak security configurations, and security policy or training vulnerabilities.
Microsoft is committed to protecting customers from security vulnerabilities.
These categories are often used in Microsoft security bulletins to describe the nature of a security vulnerability.