Huge Change to Patch Tuesday -- IT Admins are Revolting [updated]
Microsoft to change how older OS installs get updates. From September, it’ll be more like the Windows 10 way of servicing.
So on the next Patch Tuesday, get set for one single rollup update. This means you’ll no longer be able to select the patches that work for you. And that’s a really good thing, because… uhh, reasons.
Well, it certainly makes Microsoft’s life easier, which is good, right? Right? In today’s IT Newspro, IT sysadmins brace for more update uncertainty, patch panic, and Tuesday terrors.
[Developing story. Updated 7:23 am ET with more comment]
What’s the craic? Mary Jo Foley knows all about how Microsoft will move to monthly patch rollups:
Patches for Windows 7, 8.1…Server 2008 and Server 2012 [will be] single rollups. … Microsoft is moving to the same…model for the .NET Framework…too.
These rollups will replace individual patches. [They] are going to include both security and reliability…patches. [They] will be published to Windows Update…WSUS…SCCM and the Microsoft Update Catalog.
As of October 2016…individual [security] patches will no longer be available. … The ultimate goal is for [the] rollups to become fully cumulative.
What if I want just the security patches? Kurt Mackie clarifies that there will be Two Update Types:
There will be two types of monthly releases. … A “monthly rollup” and a “security-only update.” … The security-only update is not going to be available through Windows Update. [And] organizations won’t be able to get security patches individually.
Organizations looking for individual…updates via the Microsoft Download Center…won’t find them there. … Microsoft [has already] started housing them…in the Microsoft Update Catalog.
Cool, so I bet infosec opinionators are happy. Right? As Richard Chirgwin notes, that zero-day is still zero-month:
Farewell to a Patch Tuesday of downloading multiple files. [But] Redmond has decided to kill off individual security patches.
[It] will reduce the chance that an update fails [due to] a dependency on a prior update. … Servicing Stack and Adobe Flash won’t be included.
Would you like to “experience” some Redmondian jargon? Microsoft’s Nathan Mercer speaks of simplifying servicing models:
Based on your feedback, today we’re announcing some new changes. … Historically, we have released individual patches…which allowed you to be selective. [But] this resulted in fragmentation.
A rollup model [has] a more consistent and simplified servicing experience…greater predictability, and higher quality updates. … Getting and staying current will also be easier [and it] will minimize administrative overhead.
Windows Update [and] WSUS will utilize express packages, keeping the…download size small. … We will also be updating our down-level documentation. … The monthly .NET…Rollup will deliver…updates to the .NET Framework versions currently installed on your machine.
So IT is basically being dragged, kicking and screaming, into Windows 10’s update style? Chris Merriman makes merry, with this epic rant: [You’re fired -Ed.]
Time to grab your indignation sticks and riot. [Microsoft] explained in some blog post blah blah…that this is an extension of the ‘Convenience Rollup’…because you’re only a sysadmin and what do you know?
So, after months of Windows 10 sysadmins complaining…they weren’t being given the transparency they needed…Microsoft has decided to take the problem away by…taking away [the] right to choose.
In other words, fixing Windows 10 by making Windows 7…worse.
What else is new? Novex sounds sorely vexed—Xbox attitudes again:
PCs just aren’t Xboxes. They are used in many different ways [so] updates need to be more finely controlled. … And that applies to…one-person businesses as well as…conglomerates.
I can see businesses simply not installing it. … How does that keep those PCs secure?
Yikes. Doesn’t anyone have something nice to say about it? JC Torres obliges, with Windows 7, 8.1 switches to monthly rollup update scheme:
In the past, Microsoft released patches piecemeal, which…makes the user’s work more burdensome. … Starting October, that all changes. … One advantage [is] it will be easy for users to get…updates even if they missed a few.
Anyone else? Yes, this guy calling himself Dilbert:
We use SCCM and before it WSUS, and patching Win 7 still takes forever. … It literally takes hours…and about 4 or 5 reboots [after] an SP1 install. … Update detection alone can run for 10 minutes. Win 7…has gotten just as bad as XP was.
Update: Yet more supportive comment. This one from Matthew Steeples:
This dramatically reduces the combinations of patches that will have to be tested…which will mean higher quality. … Yes it means that you’ll be left with an “all or nothing” approach…but done properly it will reduce the possibility of needing to roll back.
But WWPTD? Paul Thurrott says it will Dramatically Improve Windows 7/8.x Servicing:
Windows 7 updating is still very much broken. … Now, Microsoft is taking the next obvious step.
Here’s the best part: Each Monthly Rollup…will supersede the previous month’s. [So] there will always be only one update required to get your Windows up-to-date.
This is of course what Microsoft should have done in tandem with the development of Windows 10. … But it looks like they…figured out how to do right by…hundreds of millions of customers.
More great links from Petri, IT Unity, Thurrott, and abroad:
- Filtering PowerShell
- What You Need to Know About Converting Desktop Apps to UWP
- Microsoft Sunsets Azure RemoteApp
- Office Mobile Apps for iPhone Add Finger-Based Inking Support
- How to Enable Unlimited Storage in OneDrive
- Now Is a Good Time to Buy Microsoft
You have been reading IT Newspro by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hatemail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE.
Main image credit: Le Web (cc:by)