If you're having confusion about this, then I strongly recommend using
http://windowsupdate.microsoft.com for your updates. Ensure you've got the
right version of all the right patches as fast as possible with no
confusion. [You're correct that Windows Update does not detect or update
all Microsoft products that may need patching, but it's a good start.] You
could also consider the free SUS server from Microsoft to be able to control
when your servers get WindowsUpdate-hosted patches, what they do with them
and when.
Another alternative that you may also want to consider instead or in
addition is to download and run the free MBSA tool from
www.microsoft.com/technet/security in command-line HFNETCHK mode to look for
missing patches.
Clement Chan said:
I'm too confused on which security patches to update. I run some web
services like ASP and some web component. and there's a 10-20 list of
security updates waiting for me to install. I have 7 productions servers and
5 development servers. how to manage so many server with the proper updates?
Of course I used teh windows auto-update, but then, my 1st concern these
servers I have are not in-synch with what is installed.