Should I patch my intranet SharePoint?
-
09-12-2019 - |
Question
SharePoint patching is a hassle and takes a lot of time to test and deploy,
My SharePoint is an intranet site (within my organization's premises).
Some fellow IT admins advised me to patch only major SPs, what is the common practice?
EDIT: One of my major concerns is security patches.
Solution
Microsoft's "Official" stance is exactly that - only apply the most recent service pack to the farm. You are only supposed to apply the Cumulative Updates if there are fixes that you need in that update.
In practice however, it is often useful to apply the most recent CU to a farm every 6-8 months as there are hundreds of small fixes in each CU and chances are pretty good that your user base is hitting their heads against some of them. They might not be reporting it, but they probably are getting frustrated by it.
OTHER TIPS
You could consider a server security product that includes virtual patching (aka vulnerability shielding). Some of the AV products have this as an option.