Microsoft’s New Patching Philosophy Sacrifices A Few For The Many

patch hero

Earlier this week, Microsoft announced a significant change in its patching strategy for older versions of Windows that includes Windows 7 and Server 2012. Starting in October, the company will be moving to an all or nothing approaching with the release of its updates which for some IT Pros, has made them quite nervous.

The company’s new approach for older versions of Windows will now mirror what it does with Windows 10. By issuing monthly patches that are all-encompassing of the previous updates, it will reduce the complexity of provisioning a new machine. This new model will also make it easier to maintain existing machines as there will only be one patch to install each month.

But, the downside to all of this, is that IT Pros are losing the ability to individually deploy patches to each machine which has proven to be a useful strategy as Microsoft has released updates that have broken basic functionality. It’s a big change and one that could have executives yelling at IT shops for rolling out a bad patch to their network since they no longer have the ability to restrict unwanted updates.

The end goal is to help Microsoft make the release patches more reliable and reduce the complexity of testing. As it stands right now, because a company can block a specific patch, this introduces a new configuration that all future patches need to be tested against. Because there are a significant number of configurations out in the wild, it is nearly impossible to test against every scenario which results in patches breaking features in specific scenarios and when you have billions of machines running Windows, even a small hiccup results in thousands or millions of users impacted.

By forcing companies to adopt the new model of updates, the testing process for Microsoft will become easier as the potential scenarios it must test against is significantly reduced. This, in theory, should result in fewer patches being released that break features or compromise device stability.

It’s a bold bet that this will fix the problems the company has experienced with its patching process and it looks good on paper but only time will tell if this process truly works.