Applying security patches is a fundamental stage in vulnerability management. However, it is one of the most complex stages to execute because it generally involves the temporary suspension of services while the patch is applied and, in addition, there is a risk of breaking compatibility with other associated systems. These issues are even more relevant when it comes to critical systems that offer 24/7 service. The idea of this project is to define a methodology to apply security patches, minimizing service suspension time and ensuring compatibility between multiple systems that must be updated.