Well, MS just now figured out that the .Net update for TLS creates intermittent connectivity issues for Lync. The update was released in June. I just uninstalled it.
Now how the hell would you roll back 2 or three months worth of cumulative updates? On Wed, Aug 17, 2016 at 2:20 AM, Michael Niehaus < [email protected]> wrote: > For those who are concerned about new security updates causing issues, we > do have (and have had for quite some time) a Security Update Verification > Program (SUVP), which organizations can sign up for to get advanced access > to upcoming security updates, 1-2 weeks before they are released to the > general public. This program does require an NDA agreement (since you’re > finding out about security issues before they have been publicly > disclosed). If interested, talk to your Microsoft account team. > > > > So it’s not just lab testing and millions of Insider PCs trying out new > fixes – it’s also a group of enterprises and ISVs. > > > > Thanks, > > -Michael > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Andreas Hammarskjöld > *Sent:* Tuesday, August 16, 2016 12:03 PM > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > Agree to everything you say Cynthia. It’s called being agile. J I can > totally see the arguments for both sides. > > > > Interestingly MS copied a release pattern from Apple that Apple is now > trying to step away from as it causes too many issues. Everything goes in > cycles! Soon we are back to standard desktops, but this time they are all > AIO devices, and nobody will use tablets. > > > > MS removing the testers and letting the insiders test is a bold move. > Think it works great for home use, maybe not so much for nuclear plants. > > > > //A > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Erno, > Cynthia M (ITS) > *Sent:* den 16 augusti 2016 19:22 > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > Oh I get it. So, when we fail to apply a patch until we can manage our > domains so it doesn’t screw up our group policies or print servers or etc…, > > and we only truly find those facts out because of the people on this list > that belong to businesses that need to maintain certain certifications for > their > > business so they actually are the testers that Microsoft obviously does > not employ.. somehow Microsoft sets back and tries to judge us on that > behavior > > by putting together a little graphic? > > Want a graphic for what the new reality will be? Put together the graphic > that shows how much more unprotected our systems will be when we have > > to roll back the cumulative security patches for that month because, yet > again, Microsoft pushed something out without thinking of the impact it > > would have on business servers. > > Out of touch and arrogant does not even begin to cover where Microsoft is > with businesses that have to be up and running 24/7. > > > > *Cynthia Erno* > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Michael > Niehaus > *Sent:* Tuesday, August 16, 2016 12:41 PM > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > *ATTENTION: This email came from an external source. Do not open > attachments or click on links from unknown senders or unexpected emails.* > > Each update (MSU/CAB) has to be installed in its entirety. > > > > If you encounter any issues with an update, contact Microsoft Support > right away. They are serious about resolving issues as quickly as possible. > > > > Certainly the reasoning for making this change is simple: > > > > > > Thanks, > > -Michael > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Andreas > Hammarskjöld > *Sent:* Tuesday, August 16, 2016 5:38 AM > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > I thought this was possible? Like WUSA /u /kb:blabla? > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Mawdsley R. > *Sent:* den 16 augusti 2016 14:16 > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > Agree. It can only be a good thing if it enables us to have a more > consistent environment out there. > > > > However, It would be excellent if they could implement some way we could > install the Rollup, whilst excluding one of its subsidiaries, even > temporarily. > > > > Rich Mawdsley > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *John Aubrey > *Sent:* 16 August 2016 12:55 > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > I was little uneasy about Windows 10 CU/UR whatever they call it. It’s > been going well so far. I think this is a good thing. From my > perspective, it will save me a tone of time, and make our PC’s way more > secure. Bring it on. > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Marable, > Mike > *Sent:* Tuesday, August 16, 2016 7:31 AM > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > I totally agree. In fact yesterday we had to pull off a security update > because it “broke” an app. So instead of the vendor fixing their app, > we’re going to allow a potential security threat? > > > > In my opinion I think this is a good thing. Give me just a single patch > each month so I don’t have to worry about 5 this month, 2 the month before, > 7 the prior month… > > > > Aaron Czechowski talked about this at MMS this last Spring. > > > > Like Andreas said, “Just my 2 cents.” > > > > Mike > > > > > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Andreas > Hammarskjöld > *Sent:* Tuesday, August 16, 2016 2:54 AM > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > This is very understandable and typicaly the way of “as-a-service” > solutions work, regardless of vendor. Doing it any other way would be too > costly & time consuming. I think we should be happy that MS is even > considering non security fixes for these operating systems! > > > > I think part of it is also to create an even bigger haystack to hide the > needles in for the security updates to delay the re-engineers finding the > actual issues from the patches that MS releases. > > > > One thing is sure, as ConfigMgr does support delta downloads of these > patches yet it will be a large file per month to download to each location. > So people that haven’t started looking at ways to peer-to-peer this should > do that… fast. With Win10 this is a 1GB DL per month per PC and counting. > > > > As per the not secure vs functionality, it’s the same as the idiots not > vaccinating their kids as they think they might get whatever from it. Go to > your vendor and tell them to fix the app. If they don’t, switch app. > > > > Unless you want to go Linux/Mac side, but thinking you have more control > there makes me laugh. > > > > Just my 2 cents. > > > > //A > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Murray, > Mike > *Sent:* den 16 augusti 2016 01:29 > *To:* [email protected] > *Subject:* RE: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > I’ve been told “get used to it” on the patch management list. Not good > enough. I think this is ridiculous. > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Roland > Janus > *Sent:* Monday, August 15, 2016 4:08 PM > *To:* [email protected] > *Subject:* AW: [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > 1+ > > > > If they include such updates, like 3170455 which we also excluded, that’s > certainly going the mess up things.. > > > > *Von:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *Im Auftrag von *Miller, > Todd > *Gesendet:* Montag, 15. August 2016 22:42 > *An:* [email protected] > *Betreff:* [mssms] Microsoft set to change Windows patching in a > disasterous way > > > > https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further- > simplifying-servicing-model-for-windows-7-and-windows-8-1/ > > > > Wow, this could be a disaster. > > > > We have had 4 or 5 cases in the last 12 months where we have had to delay > the installation of a security update so that applications could be > modified to work with updates. In a couple of cases, one ongoing, > Microsoft has released a security update, then acknowledged a bug in that > update and released a fix several months later. We currently have > KB3170455 denied in our environment because it breaks point – and –print > driver installation. In the new world, I will need to decide which is > worse – no security updates for 3 months, or break printing for all > non-admin users. Currently I can decide to pull or hold an individual > patch, but it looks like that option is being removed from Windows 7 and > 8. This comes at a time where it seems like patch quality has hit a > rough patch, making this decision more troubling. > > > ------------------------------ > > Notice: This UI Health Care e-mail (including attachments) is covered by > the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is > intended only for the use of the individual or entity to which it is > addressed, and may contain information that is privileged, confidential, > and exempt from disclosure under applicable law. If you are not the > intended recipient, any dissemination, distribution or copying of this > communication is strictly prohibited. If you have received this > communication in error, please notify the sender immediately and delete or > destroy all copies of the original message and attachments thereto. Email > sent to or from UI Health Care may be retained as required by law or > regulation. Thank you. > ------------------------------ > > > > > > > > > > ********************************************************** > Electronic Mail is not secure, may not be read every day, and should not > be used for urgent or sensitive issues > > > > > > > > > > > > > > > >
