You wrote: > Thanks for the explanation. yes I do understand that critical patches needs > to be applied for any OS. But in this case it is not a stand alone machine, > it is a cluster suite and OS was not installed separately. I would have > definitely upgraded the system if this was stand alone box. If I remember > correctly, long back I was suggested not to upgrade cluster suite due to > various reasons. Though I will check on this and see if its upgradable. If > it is, I will try it out. Let me put it this way: is there *anything* other than an air gap between this system and the Internet? If not, you *NEED* to file a report with your manager(s), and get at *least* a return receipt - a *signed* by them piece of paper would be a lot better - stating that the failure to update to 5.10 is, in your professional opinion a very serious security risk, and not doing so opens the gateway wide to a major security breach, and that you have explained this to them, and they understand the risks. Then point them to somewhere like, say, <http://krebsonsecurity.com/> and have them read about the Sally Beauty breach, and, scrolling down the Target breach, and all the other breaches, and the costs to the companies involved of those breaches. You really do need to pound this into their heads. mark