Server Patching


A server is a computer application or device that provides services to other computers. It is important to patch servers as quickly as possible. You should apply critical and high severity security patches within seven days of their release and all other security patches within 90 days. Key factors for server patching are downtime, duration, and frequency.
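The deadlines above (seven days for critical and high severity patches, 90 days for all others) can be checked against a list of pending patches. The script below is an added example, not part of the original procedure. The function names, the "ID SEVERITY RELEASE-DATE" input format and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag pending patches that are past the deadlines stated
# above (critical/high: 7 days after release, all others: 90 days).

# Convert YYYY-MM-DD to days since 1970-01-01 with integer arithmetic only,
# so the result does not depend on which date(1) implementation is installed.
days_from_date() {
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    m=${m#0}; d=${d#0}                      # avoid octal parsing of 08, 09
    if [ "$m" -le 2 ]; then y=$((y - 1)); mp=$((m + 9)); else mp=$((m - 3)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    echo $(( era * 146097 + doe - 719468 ))
}

# Deadline in days for a given severity (lower-case labels assumed).
deadline_days() {
    case "$1" in
        critical|high) echo 7 ;;
        *)             echo 90 ;;
    esac
}

# Read "ID SEVERITY RELEASE-DATE" lines on stdin and print every patch that
# is still pending past its deadline as of the date given in $1.
overdue_patches() {
    today=$(days_from_date "$1")
    while read -r id sev released; do
        case "$id" in ''|'#'*) continue ;; esac   # skip blanks and comments
        age=$(( today - $(days_from_date "$released") ))
        limit=$(deadline_days "$sev")
        if [ "$age" -gt "$limit" ]; then
            echo "$id $sev overdue by $((age - limit)) days"
        fi
    done
}

# Constructed sample inventory; the IDs and dates are made up.
sample_pending() {
    cat <<'EOF'
# id        severity  released
EXAMPLE-001 critical  2024-03-01
EXAMPLE-002 high      2024-03-08
EXAMPLE-003 moderate  2024-01-05
EXAMPLE-004 low       2023-11-20
EOF
}

sample_pending | overdue_patches 2024-03-12
```
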


Windows Server

  1. For stand-alone servers, use Windows Update to automatically download and install patches.
  2. To manage updates on multiple servers, use Windows Server Update Services (WSUS).

Debian and Ubuntu

To manually update a stand-alone server, from a terminal:

  1. Type apt update; this will update the package lists for all packages on the system.
  2. Type apt upgrade; this will install the available upgrades and show how many packages are upgraded, newly installed, and deleted.

To automatically apply updates to Debian and Ubuntu servers, use Unattended Upgrades.


To manually update a stand-alone server that uses the dnf package manager, from a terminal:

  1. (Optional) dnf check-update checks which packages have available updates.
  2. (Optional) dnf updateinfo displays a summary of updates available.
  3. (Optional) dnf updateinfo list prints out a list of updates and which types they belong to.
  4. sudo dnf upgrade updates your system, telling you how many packages were installed and how many were upgraded. sudo dnf update works as well.
  5. sudo shutdown -r now reboots the system to complete the update.
  6. To make sure that your system is up to date, you can type dnf check-update and it will print out the last time your system was updated.


If you have questions or information that is not covered in this procedure, please contact the Virginia Tech IT Security Office at for a consultation.