Forgive the Jethro Tull reference but they're a great band. So a day or so after Microsoft releases a patch and the hackers have created exploit code. What's an IT administrator to do?

Well not a lot, if truth be told. If you're running a 10,000 client system the chances of patching all the computers is roughly similar to me forming a meaningful relationship with Susan Sarandon. The best you can do is harm reduction.

That means withholding admin rights from as many people as possible and to hell with the complaints. A lot of people want to have full control of their PCs, but a lot of people are stupid about it.

There's also a duty of care from software suppliers. It only needs one malformed patch to make everyone wary of installing the next one.

So patch up, but remember not just to rely on the patches. A lot of software vendors are already crowing about the fact that patch or no patch their customers were protected. Check out their claims and, if the technology is usable, use it. Just relying on patching is not an option.