Is it OK to install Windows Server security updates if you don't plan on rebooting for a while?

3

I know for some of the patches to actually take place a reboot is required, but my thought is if I installed it as soon as the patch comes out, then any patch that does not require a reboot will be corrected and then next reboot. I can also save time installing at that point.

Is this bad or not recommended though?

user141322

Posted 2012-06-20T14:21:20.500

Reputation: 53

Until you reboot you are still vulnerable. The patches are not applied until you reboot. Thus installing them serves no purpose until you actually reboot your system. – Ramhound – 2012-06-20T15:48:30.597

Also, if you're using Microsoft/Windows Update you can't scan for any additional updates you may need until the system has been rebooted. This means that you may wind up needing to reboot twice, when a single reboot would have done. – Harry Johnston – 2012-06-21T02:45:27.880

Answers

0

Delaying reboot after doing security updates is not recommended, for a couple reasons.

  1. If libraries/dlls are changed, and something running relies on the old library/dll, "bad things" can happen, causing unexpected crashes and strange behavior.
  2. As mentioned in a comment, some of the things changed won't actually take effect until a reboot, so if something was resolving a weakness, that weakness may still be exposed.

I know that sometimes you can't reboot a system any time you feel like, and in those cases, I try to delay an update until just before a reboot can occur, to prevent any unexpected, possibly VERY BAD behavior from reason 1.

killermist

Posted 2012-06-20T14:21:20.500

Reputation: 1 886

In most cases, Microsoft Update puts the new versions of the files in a temporary location, and during the reboot will move them into their correct place. Ramhound's comment is more accurate than your answer. – None – 2012-06-21T00:20:19.583

@RandolphWest: in XP/2003, updates install each new file immediately unless the existing file is locked. This means file versions can be mismatched because some (and only some) have already been updated, which can cause instability. As of Vista, the update engine works differently, but to the best of my knowledge MS have never actually promised that update files will only be installed atomically. – Harry Johnston – 2012-06-21T02:43:53.110

0

Is it technically OK? Yes. You can install updates and never reboot. However, that is not wise. The purpose of updates is typically to fix a bug or security flaw in the software. Updates that require reboot are usually for components that are in use and can't be patched till the machine is rebooted.

Another issue is depending on the patch and other conditions, Windows might not let you update other software until the current software (waiting for reboot) is updated.

It is best practice to patch and then reboot as soon as it is feasible.

Keltari

Posted 2012-06-20T14:21:20.500

Reputation: 57 019
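
A read-only check for the state this thread describes: updates installed, but not yet in effect because the host has not rebooted. This is an added example, not code from any of the posters. It assumes PowerShell 3.0 or later on Windows Vista/Server 2008 or newer, and the function name `Get-PendingRebootState` is hypothetical.

```powershell
# Added example: report whether installed updates are still waiting for a reboot.
# Read-only; it only queries the registry and CIM. Run from an elevated prompt.
function Get-PendingRebootState {
    [CmdletBinding()]
    param()

    # Marker keys created by the servicing stack and by Windows Update
    # when an installed update needs a restart to finish.
    $cbsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $wuKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    $smKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

    # PendingFileRenameOperations is a REG_MULTI_SZ of source/destination pairs
    # that Session Manager processes at the next boot (locked files are staged here).
    $raw = @()
    $sm = Get-ItemProperty -Path $smKey -ErrorAction SilentlyContinue
    if ($sm) {
        $prop = $sm.PSObject.Properties['PendingFileRenameOperations']
        if ($prop) { $raw = @($prop.Value) }
    }

    $renames = @(for ($i = 0; $i -lt $raw.Count; $i += 2) {
        $src = $raw[$i] -replace '^\\\?\?\\', ''
        $dst = if ($i + 1 -lt $raw.Count) { $raw[$i + 1] } else { '' }
        # A leading '!' on the destination means "replace the existing file".
        $dst = $dst -replace '^!?\\\?\?\\', ''
        [pscustomobject]@{
            Source      = $src
            Destination = $dst
            Action      = if ($dst) { 'ReplaceAtBoot' } else { 'DeleteAtBoot' }
        }
    })

    $cbs = Test-Path -Path $cbsKey
    $wu  = Test-Path -Path $wuKey
    [pscustomobject]@{
        ComputerName                = $env:COMPUTERNAME
        LastBoot                    = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
        ServicingRebootPending      = $cbs
        WindowsUpdateRebootRequired = $wu
        # Installers other than Windows Update also queue renames, so this list
        # is reported separately and does not set UpdateRebootPending.
        PendingFileRenames          = $renames
        UpdateRebootPending         = ($cbs -or $wu)
    }
}

Get-PendingRebootState | Format-List
```

A host that reports `UpdateRebootPending : True` should still be treated as unpatched for the affected components in vulnerability tracking until it has restarted.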