Security and Hot Fix Policy

Cisco closely monitors security bulletins from Microsoft and evaluates them based on the impact to Cisco CallManager and other IP telephony applications.

When Microsoft posts a security patch, Cisco determines whether the patch affects applications and operating system components in Cisco CallManager and applications that share the same operating system installation process. Cisco then tests the relevant patches to verify correct operation with Cisco applications. This is a list of applications and operating system components that might be affected by a patch:

Caution

The operating system upgrades provided by Cisco are not the same as upgrades provided by Microsoft. The operating system upgrades and patches provided by Cisco are tailored for IP telephony applications. If a Microsoft service pack (SP) or hot fix is installed for the Cisco IP Telephony Operating System, the applications running on the Cisco IP Telephony Operating System might be adversely affected.

The security patch and hot fix policy for Cisco CallManager specifies that any applicable patch deemed Severity 1 or Critical must be tested and posted to Cisco.com within 24 hours as a hot fix. All other applicable patches are consolidated and posted once a month as incremental service releases. Notification tools (e-mail service) for providing automatic notification of new fixes, operating system updates, and patches for Cisco CallManager and associated products are also available:

Note

The Cisco IP Telephony Operating System configuration and patch process does not currently allow an automated patch-management process.

Operating System Hardening

Категории