Given the speed at which exploits are released for new vulnerabilities, VARs and consultants don't always have time to test patches before rolling them out to customers. Thus, it's important to know how to undo patching mistakes. This tip, reposted courtesy of SearchWindowsSecurity.com,
offers three methods for safely restoring systems to their pre-patch state.
Patch testing is crucial to helping you ensure each patch is effective and compatible with your critical applications when applied. However, some patches are so critical they must be rushed to implementation without going through proper testing. Even worse, your network may already be impacted by some exploit that requires immediate attention -- leaving you with little choice but to deploy an untested patch and risk breaking applications. How can you address this problem?
A plan for rolling back or undoing patches to restore a system to its previous state should always be included in your patch management process. Here are some tips to help you recover from issues caused by untested patch deployment.
Use Windows System Restore
Windows System Restore will return your Windows computers to pre-patch state without losing personal data files. This tool differs from backup utilities because it only monitors a core set of specified system and application file types, rather than all files. Some patches may prompt Windows to create a restore point on its own, but you can also create one manually. To do so on Windows XP, navigate to Start/All Programs/Accessories/System Tools/System Restore and select "Create a restore point." If something goes awry you can simply go back into System Restore and select "Restore my computer to an earlier time" to undo the damage.
Use rollback features in patch management software
Patch management applications such as St. Bernard's UpdateEXPERT or PatchLink's PATCHLINK UPDATE 3D not only allow you to administer the patch management process and deploy patches, they also enable you to selectively undo or roll back patches that may be causing problems. The rollback process varies by product: Some products have their own mechanisms for tracking changes made by patches so those changes can be undone, while others simply uninstall patches that are designed to be easily removed. You should research the various products to make sure rollback features meet your needs.
Backup your systems
Even if you've conducted extensive patch testing, minute differences in a production system may still interact catastrophically with a patch. By performing a system backup of all files immediately before deploying the patch, you'll be guaranteed to have the ability to restore your system to its pre-patch state.
About the author
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com guide for Internet/Network Security, providing a broad range of security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security.
This tip originally appeared on SearchWindowsSecurity.com.
This was first published in October 2006