Security|Windows 10|Windows 7|Windows 8|Windows Server 2008|Windows Server 2012

Huge Change to Patch Tuesday -- IT Admins are Revolting [updated]

Microsoft Windows patch rollup
Nadella visualizes a monthly rollup

Microsoft to change how older OS installs get updates. From September, it’ll be more like the Windows 10 way of servicing.

So on the next Patch Tuesday, get set for one single rollup update. This means you’ll no longer be able to select the patches that work for you. And that’s a really good thing, because… uhh, reasons.

Well, it certainly makes Microsoft’s life easier, which is good, right? Right? In today’s IT Newspro, IT sysadmins brace for more update uncertainty, patch panic, and Tuesday terrors.

Your humble newswatcher curated these news nuggets for your entertainment. Not to mention: Coreographing success

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

[Developing story. Updated 7:23 am ET with more comment]

What’s the craic? Mary Jo Foley knows all about how Microsoft will move to monthly patch rollups:

Patches for Windows 7, 8.1Server 2008 and Server 2012 [will be] single rollups.Microsoft is moving to the samemodel for the .NET Frameworktoo.

These rollups will replace individual patches. [They] are going to include both security and reliabilitypatches. [They] will be published to Windows UpdateWSUSSCCM and the Microsoft Update Catalog.

As of October 2016individual [security] patches will no longer be available.The ultimate goal is for [the] rollups to become fully cumulative.

What if I want just the security patches? Kurt Mackie clarifies that there will be Two Update Types:

There will be two types of monthly releases.A “monthly rollup” and a “security-only update.”The security-only update is not going to be available through Windows Update. [And] organizations won’t be able to get security patches individually.

Organizations looking for individualupdates via the Microsoft Download Centerwon’t find them there.Microsoft [has already] started housing themin the Microsoft Update Catalog.

Cool, so I bet infosec opinionators are happy. Right? As Richard Chirgwin notes, that zero-day is still zero-month:

Farewell to a Patch Tuesday of downloading multiple files. [But] Redmond has decided to kill off individual security patches.

[It] will reduce the chance that an update fails [due to] a dependency on a prior update.Servicing Stack and Adobe Flash won’t be included.

Would you like to “experience” some Redmondian jargon? Microsoft’s Nathan Mercer speaks of simplifying servicing models:

Based on your feedback, today we’re announcing some new changes.Historically, we have released individual patcheswhich allowed you to be selective. [But] this resulted in fragmentation.

A rollup model [has] a more consistent and simplified servicing experiencegreater predictability, and higher quality updates.Getting and staying current will also be easier [and it] will minimize administrative overhead.

Windows Update [and] WSUS will utilize express packages, keeping thedownload size small.We will also be updating our down-level documentation.The monthly .NETRollup will deliverupdates to the .NET Framework versions currently installed on your machine.

So IT is basically being dragged, kicking and screaming, into Windows 10’s update style? Chris Merriman makes merry, with this epic rant: [You’re fired -Ed.]

Time to grab your indignation sticks and riot. [Microsoft] explained in some blog post blah blahthat this is an extension of the ‘Convenience Rollup’because you’re only a sysadmin and what do you know?

So, after months of Windows 10 sysadmins complainingthey weren’t being given the transparency they neededMicrosoft has decided to take the problem away bytaking away [the] right to choose.

In other words, fixing Windows 10 by making Windows 7worse.

What else is new? Novex sounds sorely vexed—Xbox attitudes again:

PCs just aren’t Xboxes. They are used in many different ways [so] updates need to be more finely controlled.And that applies toone-person businesses as well asconglomerates.

I can see businesses simply not installing it.How does that keep those PCs secure?

Yikes. Doesn’t anyone have something nice to say about it? JC Torres obliges, with Windows 7, 8.1 switches to monthly rollup update scheme:

In the past, Microsoft released patches piecemeal, whichmakes the user’s work more burdensome.Starting October, that all changes.One advantage [is] it will be easy for users to getupdates even if they missed a few.

Anyone else? Yes, this guy calling himself Dilbert:

We use SCCM and before it WSUS, and patching Win 7 still takes forever.It literally takes hoursand about 4 or 5 reboots [after] an SP1 install.Update detection alone can run for 10 minutes. Win 7has gotten just as bad as XP was.

Update: Yet more supportive comment. This one from Matthew Steeples:

This dramatically reduces the combinations of patches that will have to be testedwhich will mean higher quality.Yes it means that you’ll be left with an “all or nothing” approachbut done properly it will reduce the possibility of needing to roll back.

But WWPTD? Paul Thurrott says it will Dramatically Improve Windows 7/8.x Servicing:

Windows 7 updating is still very much broken.Now, Microsoft is taking the next obvious step.

Here’s the best part: Each Monthly Rollupwill supersede the previous month’s. [So] there will always be only one update required to get your Windows up-to-date.

This is of course what Microsoft should have done in tandem with the development of Windows 10.But it looks like theyfigured out how to do right byhundreds of millions of customers.

Buffer Overflow

More great links from Petri, IT Unity, Thurrott, and abroad:

And Finally

You have been reading IT Newspro by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hatemail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE.

Main image credit: Le Web (cc:by)

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: