Forum Discussion

elbutre's avatar
elbutre
Level 4
12 years ago

enterprise vault 10.0.3 and office 2007 security patches

hi

i have just upgraded from 10 sp1 to sp3 (enterprise vault) and all is working very nicely

the deployment scanner advised to update office 2007 to sp3 and install 1 other hotfix

wsus still reports there are about 24 other critical/important office 2007 patches that should be applied.

does everyone keep their EV servers fully patched when it comes to office 2007 or is it a matter to stick to the deployment scanner advice.

many thanks

 

  • There are usually two schools of thought in this respect.. but firstly the 'patch' that deployment scanner references is only really necessary if you are targetting an Exchange 2013 server.

     

    School 1 - Patch everything

    The Enterprise Vault server is in many ways a MEGA user, in that it sees ALLLLLL sorts of mails, with all sorts of content.  So sooner or later it might come across something 'bad'.  If Outlook is fully patched then it might be that the 'bad' thing is handled more gracefully than if Outlook isn't patched.

     

    School 2 - Patch what is required

    Outlook on the EV server is not usually used by a user.  Therefore 'silly' things that users do (social phishing type attacks) aren't an issue.

     

    My personal school of thought ...  patch it all.  

  • There are usually two schools of thought in this respect.. but firstly the 'patch' that deployment scanner references is only really necessary if you are targetting an Exchange 2013 server.

     

    School 1 - Patch everything

    The Enterprise Vault server is in many ways a MEGA user, in that it sees ALLLLLL sorts of mails, with all sorts of content.  So sooner or later it might come across something 'bad'.  If Outlook is fully patched then it might be that the 'bad' thing is handled more gracefully than if Outlook isn't patched.

     

    School 2 - Patch what is required

    Outlook on the EV server is not usually used by a user.  Therefore 'silly' things that users do (social phishing type attacks) aren't an issue.

     

    My personal school of thought ...  patch it all.  

  • Of course we keep our production servers fully patched (or at least with all security-patches)