How to patch a new system without getting infected
With Sasser and friends out there, downloading patches for a vulnerable new system looks like a chicken-and-egg problem: if you're unlucky, as Loren Heiny explains, you'll be infected before you can even download and install the updates. A similar question was asked on an internal Microsoft forum a while back, so here's how to bring a new system online and patch it without being exposed:
- Disconnect machine from network
- Install the new system (if not installed)
- Enable firewall and do not allow inbound exceptions
- Connect machine to network
- Download and install required service packs and updates
- Download and install antivirus software
- Join machine to domain (if applicable)
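
The firewall and reconnect steps above, scripted as an added example that is not part of the original post. It assumes a current Windows release (Windows 8 / Server 2012 or later, with the built-in NetSecurity and NetAdapter cmdlets) and an elevated PowerShell session; disabling the adapters stands in for physically unplugging the cable.

```powershell
#Requires -RunAsAdministrator
# Added example: only bring the network up once the firewall is confirmed
# to be on with no inbound exceptions, on every profile.
$ErrorActionPreference = 'Stop'

# "Disconnect machine from network": take down every physical adapter that is
# not already disabled, and remember which ones so only those are re-enabled.
$toRestore = @(Get-NetAdapter -Physical | Where-Object Status -ne 'Disabled')
$toRestore | Disable-NetAdapter -Confirm:$false

# "Enable firewall and do not allow inbound exceptions":
#   -Enabled True                 firewall on
#   -DefaultInboundAction Block   unsolicited inbound traffic is dropped
#   -AllowInboundRules False      existing allow rules (exceptions) are ignored
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -AllowInboundRules False

# Check the settings actually in force (ActiveStore includes Group Policy),
# instead of assuming the call above took effect.
$notLockedDown = @(Get-NetFirewallProfile -PolicyStore ActiveStore | Where-Object {
    $_.Enabled -ne 'True' -or
    $_.DefaultInboundAction -ne 'Block' -or
    $_.AllowInboundRules -ne 'False'
})

if ($notLockedDown.Count -gt 0) {
    $names = ($notLockedDown | ForEach-Object Name) -join ', '
    throw "Firewall not locked down on profile(s): $names. Adapters left disabled."
}

# "Connect machine to network": reached only if every profile passed the check.
$toRestore | Enable-NetAdapter -Confirm:$false
Write-Host "Firewall verified on all profiles; $($toRestore.Count) adapter(s) re-enabled."
```

If the check fails, the script stops with the adapters still disabled, so the machine stays offline until the firewall state is fixed.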