I understand their reasoning behind it, and I like the concept, but it seems to me that there have been too many problematic patches lately for this to work out well. I know there have been a few within the last year or so that I've had to pull, albeit at least one of those was for Office if I recall correctly. Most recently, I've had to block deployment of recent update rollups kb3161608 and kb3172605 after testing determined that they break intel bluetooth drivers. Those aren't security updates, but they are exactly the type of rollup that this new update method is based on.
Fortunately, Intel has finally released a driver update that is supposed to fix their issue, but that doesn't stop this sort of thing from happening in the future. Steve On Tue, Aug 16, 2016 at 6:31 AM, Marable, Mike <[email protected]> wrote: > I totally agree. In fact yesterday we had to pull off a security update > because it “broke” an app. So instead of the vendor fixing their app, > we’re going to allow a potential security threat? > > > > In my opinion I think this is a good thing. Give me just a single patch > each month so I don’t have to worry about 5 this month, 2 the month before, > 7 the prior month… > > > > Aaron Czechowski talked about this at MMS this last Spring. > > > > Like Andreas said, “Just my 2 cents.” > > > > Mike > > > > > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Andreas Hammarskjöld > *Sent:* Tuesday, August 16, 2016 2:54 AM > > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > This is very understandable and typicaly the way of “as-a-service” > solutions work, regardless of vendor. Doing it any other way would be too > costly & time consuming. I think we should be happy that MS is even > considering non security fixes for these operating systems! > > > > I think part of it is also to create an even bigger haystack to hide the > needles in for the security updates to delay the re-engineers finding the > actual issues from the patches that MS releases. > > > > One thing is sure, as ConfigMgr does support delta downloads of these > patches yet it will be a large file per month to download to each location. > So people that haven’t started looking at ways to peer-to-peer this should > do that… fast. With Win10 this is a 1GB DL per month per PC and counting. > > > > As per the not secure vs functionality, it’s the same as the idiots not > vaccinating their kids as they think they might get whatever from it. Go to > your vendor and tell them to fix the app. If they don’t, switch app. > > > > Unless you want to go Linux/Mac side, but thinking you have more control > there makes me laugh. > > > > Just my 2 cents. > > > > //A > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Murray, > Mike > *Sent:* den 16 augusti 2016 01:29 > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > I’ve been told “get used to it” on the patch management list. Not good > enough. I think this is ridiculous. > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Roland > Janus > *Sent:* Monday, August 15, 2016 4:08 PM > *To:* [email protected] > *Subject:* AW: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > 1+ > > > > If they include such updates, like 3170455 which we also excluded, that’s > certainly going the mess up things.. > > > > *Von:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *Im Auftrag von *Miller, > Todd > *Gesendet:* Montag, 15. August 2016 22:42 > *An:* [email protected] > *Betreff:* [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further- > simplifying-servicing-model-for-windows-7-and-windows-8-1/ > > > > Wow, this could be a disaster. > > > > We have had 4 or 5 cases in the last 12 months where we have had to delay > the installation of a security update so that applications could be > modified to work with updates. In a couple of cases, one ongoing, > Microsoft has released a security update, then acknowledged a bug in that > update and released a fix several months later. We currently have > KB3170455 denied in our environment because it breaks point – and –print > driver installation. In the new world, I will need to decide which is > worse – no security updates for 3 months, or break printing for all > non-admin users. Currently I can decide to pull or hold an individual > patch, but it looks like that option is being removed from Windows 7 and > 8. This comes at a time where it seems like patch quality has hit a > rough patch, making this decision more troubling. > > > ------------------------------ > > Notice: This UI Health Care e-mail (including attachments) is covered by > the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is > intended only for the use of the individual or entity to which it is > addressed, and may contain information that is privileged, confidential, > and exempt from disclosure under applicable law. If you are not the > intended recipient, any dissemination, distribution or copying of this > communication is strictly prohibited. If you have received this > communication in error, please notify the sender immediately and delete or > destroy all copies of the original message and attachments thereto. Email > sent to or from UI Health Care may be retained as required by law or > regulation. Thank you. > ------------------------------ > > > > > > > > > > ********************************************************** > Electronic Mail is not secure, may not be read every day, and should not > be used for urgent or sensitive issues > >
