Today's topic revolves around applying patches and updates as a response measure.

My first personal comment is that patching and updating is really a Preparation step and helps avoid incidents in the first place.  But we all already knew that. :-)  I'm interested in how your patching and updating process differs when you've had an incident before patches become available.

Reader comments to follow...

Chris: wants to remind us about Secunia's PSI inspector.  I should also point out that we musn't forget the home-user scaled incident response.

Anonymous: wants to remind us to disable an unpatched service until the patche become available-- especially in the dreaded "zero day" scenario with exploits ongoing and patches still being developed/tested.