To be fair, the new model is still offering security updates separate from the update rollups, with non-cumulative security updates each month. If you only want security patches, you can install the security updates each month. If you absolutely have to skip a specific security update for some reason, you could skip a single month's security update and still install the next month's. It brings back the partially patched issue displayed so well by the graphics earlier in this thread, but it is an option. It potentially leaves other vulnerabilities unpatched, which were addressed in the skipped bundle. Still, it's not as bad as some here seem to think.
Steve On Wed, Aug 17, 2016 at 6:15 AM, Stuart Watret <[email protected]> wrote: > i think you are right, more unprotected systems will be the reality. > > It’s a terrible idea given the appalling qa testing done on patches; it > seems every month we have an issue. > > On 16 Aug 2016, at 18:22, Erno, Cynthia M (ITS) <[email protected]> > wrote: > > Oh I get it. So, when we fail to apply a patch until we can manage our > domains so it doesn’t screw up our group policies or print servers or etc…, > and we only truly find those facts out because of the people on this list > that belong to businesses that need to maintain certain certifications for > their > business so they actually are the testers that Microsoft obviously does > not employ.. somehow Microsoft sets back and tries to judge us on that > behavior > by putting together a little graphic? > Want a graphic for what the new reality will be? Put together the graphic > that shows how much more unprotected our systems will be when we have > to roll back the cumulative security patches for that month because, yet > again, Microsoft pushed something out without thinking of the impact it > would have on business servers. > Out of touch and arrogant does not even begin to cover where Microsoft is > with businesses that have to be up and running 24/7. > > *Cynthia Erno* > > *From:* [email protected] [mailto: > [email protected] <[email protected]>]*On > Behalf Of *Michael Niehaus > *Sent:* Tuesday, August 16, 2016 12:41 PM > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > *ATTENTION: This email came from an external source. Do not open > attachments or click on links from unknown senders or unexpected emails.* > Each update (MSU/CAB) has to be installed in its entirety. > > If you encounter any issues with an update, contact Microsoft Support > right away. They are serious about resolving issues as quickly as possible. > > Certainly the reasoning for making this change is simple: > > <image002.jpg> > > Thanks, > -Michael > > *From:* [email protected] [mailto: > [email protected] <[email protected]>]*On > Behalf Of *Andreas Hammarskjöld > *Sent:* Tuesday, August 16, 2016 5:38 AM > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > I thought this was possible? Like WUSA /u /kb:blabla? > > *From:* [email protected] [mailto: > [email protected] <[email protected]>]*On > Behalf Of *Mawdsley R. > *Sent:* den 16 augusti 2016 14:16 > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > Agree. It can only be a good thing if it enables us to have a more > consistent environment out there. > > However, It would be excellent if they could implement some way we could > install the Rollup, whilst excluding one of its subsidiaries, even > temporarily. > > Rich Mawdsley > > *From:* [email protected] [mailto: > [email protected] <[email protected]>]*On > Behalf Of *John Aubrey > *Sent:* 16 August 2016 12:55 > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > I was little uneasy about Windows 10 CU/UR whatever they call it. It’s > been going well so far. I think this is a good thing. From my > perspective, it will save me a tone of time, and make our PC’s way more > secure. Bring it on. > *From:* [email protected] [mailto: > [email protected] <[email protected]>]*On > Behalf Of *Marable, Mike > *Sent:* Tuesday, August 16, 2016 7:31 AM > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > I totally agree. In fact yesterday we had to pull off a security update > because it “broke” an app. So instead of the vendor fixing their app, > we’re going to allow a potential security threat? > > In my opinion I think this is a good thing. Give me just a single patch > each month so I don’t have to worry about 5 this month, 2 the month before, > 7 the prior month… > > Aaron Czechowski talked about this at MMS this last Spring. > <image004.jpg> > > Like Andreas said, “Just my 2 cents.” > > Mike > > > > *From:* [email protected] [mailto: > [email protected] <[email protected]>]*On > Behalf Of *Andreas Hammarskjöld > *Sent:* Tuesday, August 16, 2016 2:54 AM > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > This is very understandable and typicaly the way of “as-a-service” > solutions work, regardless of vendor. Doing it any other way would be too > costly & time consuming. I think we should be happy that MS is even > considering non security fixes for these operating systems! > > I think part of it is also to create an even bigger haystack to hide the > needles in for the security updates to delay the re-engineers finding the > actual issues from the patches that MS releases. > > One thing is sure, as ConfigMgr does support delta downloads of these > patches yet it will be a large file per month to download to each location. > So people that haven’t started looking at ways to peer-to-peer this should > do that… fast. With Win10 this is a 1GB DL per month per PC and counting. > > As per the not secure vs functionality, it’s the same as the idiots not > vaccinating their kids as they think they might get whatever from it. Go to > your vendor and tell them to fix the app. If they don’t, switch app. > > Unless you want to go Linux/Mac side, but thinking you have more control > there makes me laugh. > > Just my 2 cents. > > //A > > *From:* [email protected] [mailto: > [email protected] <[email protected]>]*On > Behalf Of *Murray, Mike > *Sent:* den 16 augusti 2016 01:29 > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > I’ve been told “get used to it” on the patch management list. Not good > enough. I think this is ridiculous. > > *From:* [email protected] [mailto: > [email protected] <[email protected]>]*On > Behalf Of *Roland Janus > *Sent:* Monday, August 15, 2016 4:08 PM > *To:* [email protected] > *Subject:* AW: [mssms] Microsoft set to change Windows patching in a > disasterous way > > 1+ > > If they include such updates, like 3170455 which we also excluded, that’s > certainly going the mess up things.. > > *Von:* [email protected] [mailto: > [email protected] <[email protected]>]*Im > Auftrag von *Miller, Todd > *Gesendet:* Montag, 15. August 2016 22:42 > *An:* [email protected] > *Betreff:* [mssms] Microsoft set to change Windows patching in a > disasterous way > > https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further- > simplifying-servicing-model-for-windows-7-and-windows-8-1/ > > Wow, this could be a disaster. > > We have had 4 or 5 cases in the last 12 months where we have had to delay > the installation of a security update so that applications could be > modified to work with updates. In a couple of cases, one ongoing, > Microsoft has released a security update, then acknowledged a bug in that > update and released a fix several months later. We currently have > KB3170455 denied in our environment because it breaks point – and –print > driver installation. In the new world, I will need to decide which is > worse – no security updates for 3 months, or break printing for all > non-admin users. Currently I can decide to pull or hold an individual > patch, but it looks like that option is being removed from Windows 7 and > 8. This comes at a time where it seems like patch quality has hit a > rough patch, making this decision more troubling. > > > ------------------------------ > Notice: This UI Health Care e-mail (including attachments) is covered by > the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is > intended only for the use of the individual or entity to which it is > addressed, and may contain information that is privileged, confidential, > and exempt from disclosure under applicable law. If you are not the > intended recipient, any dissemination, distribution or copying of this > communication is strictly prohibited. If you have received this > communication in error, please notify the sender immediately and delete or > destroy all copies of the original message and attachments thereto. Email > sent to or from UI Health Care may be retained as required by law or > regulation. Thank you. > ------------------------------ > > > > > > ********************************************************** > Electronic Mail is not secure, may not be read every day, and should not > be used for urgent or sensitive issues > > > >
