Security updates will be next. Same as they did for IE. On Wed, Aug 17, 2016 at 6:52 AM, Steve Whitcher <[email protected]> wrote:
> To be fair, the new model is still offering security updates separate from > the update rollups, with non-cumulative security updates each month. If > you only want security patches, you can install the security updates each > month. If you absolutely have to skip a specific security update for some > reason, you could skip a single month's security update and still install > the next month's. It brings back the partially patched issue displayed so > well by the graphics earlier in this thread, but it is an option. It > potentially leaves other vulnerabilities unpatched, which were addressed in > the skipped bundle. Still, it's not as bad as some here seem to think. > > Steve > > On Wed, Aug 17, 2016 at 6:15 AM, Stuart Watret <[email protected]> > wrote: > >> i think you are right, more unprotected systems will be the reality. >> >> It’s a terrible idea given the appalling qa testing done on patches; it >> seems every month we have an issue. >> >> On 16 Aug 2016, at 18:22, Erno, Cynthia M (ITS) <[email protected]> >> wrote: >> >> Oh I get it. So, when we fail to apply a patch until we can manage our >> domains so it doesn’t screw up our group policies or print servers or etc…, >> and we only truly find those facts out because of the people on this list >> that belong to businesses that need to maintain certain certifications for >> their >> business so they actually are the testers that Microsoft obviously does >> not employ.. somehow Microsoft sets back and tries to judge us on that >> behavior >> by putting together a little graphic? >> Want a graphic for what the new reality will be? Put together the >> graphic that shows how much more unprotected our systems will be when we >> have >> to roll back the cumulative security patches for that month because, yet >> again, Microsoft pushed something out without thinking of the impact it >> would have on business servers. >> Out of touch and arrogant does not even begin to cover where Microsoft is >> with businesses that have to be up and running 24/7. >> >> *Cynthia Erno* >> >> *From:* [email protected] [mailto:listsadmin@ >> lists.myitforum.com <[email protected]>]*On Behalf Of *Michael >> Niehaus >> *Sent:* Tuesday, August 16, 2016 12:41 PM >> *To:* [email protected] >> *Subject:* RE: [mssms] Microsoft set to change Windows patching in a >> disasterous way >> >> >> *ATTENTION: This email came from an external source. Do not open >> attachments or click on links from unknown senders or unexpected emails.* >> Each update (MSU/CAB) has to be installed in its entirety. >> >> If you encounter any issues with an update, contact Microsoft Support >> right away. They are serious about resolving issues as quickly as possible. >> >> Certainly the reasoning for making this change is simple: >> >> <image002.jpg> >> >> Thanks, >> -Michael >> >> *From:* [email protected] [mailto:listsadmin@ >> lists.myitforum.com <[email protected]>]*On Behalf Of *Andreas >> Hammarskjöld >> *Sent:* Tuesday, August 16, 2016 5:38 AM >> *To:* [email protected] >> *Subject:* RE: [mssms] Microsoft set to change Windows patching in a >> disasterous way >> >> I thought this was possible? Like WUSA /u /kb:blabla? >> >> *From:* [email protected] [mailto:listsadmin@ >> lists.myitforum.com <[email protected]>]*On Behalf Of *Mawdsley >> R. >> *Sent:* den 16 augusti 2016 14:16 >> *To:* [email protected] >> *Subject:* RE: [mssms] Microsoft set to change Windows patching in a >> disasterous way >> >> Agree. It can only be a good thing if it enables us to have a more >> consistent environment out there. >> >> However, It would be excellent if they could implement some way we could >> install the Rollup, whilst excluding one of its subsidiaries, even >> temporarily. >> >> Rich Mawdsley >> >> *From:* [email protected] [mailto:listsadmin@ >> lists.myitforum.com <[email protected]>]*On Behalf Of *John >> Aubrey >> *Sent:* 16 August 2016 12:55 >> *To:* [email protected] >> *Subject:* RE: [mssms] Microsoft set to change Windows patching in a >> disasterous way >> >> I was little uneasy about Windows 10 CU/UR whatever they call it. It’s >> been going well so far. I think this is a good thing. From my >> perspective, it will save me a tone of time, and make our PC’s way more >> secure. Bring it on. >> *From:* [email protected] [mailto:listsadmin@ >> lists.myitforum.com <[email protected]>]*On Behalf Of *Marable, >> Mike >> *Sent:* Tuesday, August 16, 2016 7:31 AM >> *To:* [email protected] >> *Subject:* RE: [mssms] Microsoft set to change Windows patching in a >> disasterous way >> >> I totally agree. In fact yesterday we had to pull off a security update >> because it “broke” an app. So instead of the vendor fixing their app, >> we’re going to allow a potential security threat? >> >> In my opinion I think this is a good thing. Give me just a single patch >> each month so I don’t have to worry about 5 this month, 2 the month before, >> 7 the prior month… >> >> Aaron Czechowski talked about this at MMS this last Spring. >> <image004.jpg> >> >> Like Andreas said, “Just my 2 cents.” >> >> Mike >> >> >> >> *From:* [email protected] [mailto:listsadmin@ >> lists.myitforum.com <[email protected]>]*On Behalf Of *Andreas >> Hammarskjöld >> *Sent:* Tuesday, August 16, 2016 2:54 AM >> *To:* [email protected] >> *Subject:* RE: [mssms] Microsoft set to change Windows patching in a >> disasterous way >> >> This is very understandable and typicaly the way of “as-a-service” >> solutions work, regardless of vendor. Doing it any other way would be too >> costly & time consuming. I think we should be happy that MS is even >> considering non security fixes for these operating systems! >> >> I think part of it is also to create an even bigger haystack to hide the >> needles in for the security updates to delay the re-engineers finding the >> actual issues from the patches that MS releases. >> >> One thing is sure, as ConfigMgr does support delta downloads of these >> patches yet it will be a large file per month to download to each location. >> So people that haven’t started looking at ways to peer-to-peer this should >> do that… fast. With Win10 this is a 1GB DL per month per PC and counting. >> >> As per the not secure vs functionality, it’s the same as the idiots not >> vaccinating their kids as they think they might get whatever from it. Go to >> your vendor and tell them to fix the app. If they don’t, switch app. >> >> Unless you want to go Linux/Mac side, but thinking you have more control >> there makes me laugh. >> >> Just my 2 cents. >> >> //A >> >> *From:* [email protected] [mailto:listsadmin@ >> lists.myitforum.com <[email protected]>]*On Behalf Of *Murray, >> Mike >> *Sent:* den 16 augusti 2016 01:29 >> *To:* [email protected] >> *Subject:* RE: [mssms] Microsoft set to change Windows patching in a >> disasterous way >> >> I’ve been told “get used to it” on the patch management list. Not good >> enough. I think this is ridiculous. >> >> *From:* [email protected] [mailto:listsadmin@ >> lists.myitforum.com <[email protected]>]*On Behalf Of *Roland >> Janus >> *Sent:* Monday, August 15, 2016 4:08 PM >> *To:* [email protected] >> *Subject:* AW: [mssms] Microsoft set to change Windows patching in a >> disasterous way >> >> 1+ >> >> If they include such updates, like 3170455 which we also excluded, that’s >> certainly going the mess up things.. >> >> *Von:* [email protected] [mailto:listsadmin@ >> lists.myitforum.com <[email protected]>]*Im Auftrag von *Miller, >> Todd >> *Gesendet:* Montag, 15. August 2016 22:42 >> *An:* [email protected] >> *Betreff:* [mssms] Microsoft set to change Windows patching in a >> disasterous way >> >> https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/ >> further-simplifying-servicing-model-for-windows-7-and-windows-8-1/ >> >> Wow, this could be a disaster. >> >> We have had 4 or 5 cases in the last 12 months where we have had to delay >> the installation of a security update so that applications could be >> modified to work with updates. In a couple of cases, one ongoing, >> Microsoft has released a security update, then acknowledged a bug in that >> update and released a fix several months later. We currently have >> KB3170455 denied in our environment because it breaks point – and –print >> driver installation. In the new world, I will need to decide which is >> worse – no security updates for 3 months, or break printing for all >> non-admin users. Currently I can decide to pull or hold an individual >> patch, but it looks like that option is being removed from Windows 7 and >> 8. This comes at a time where it seems like patch quality has hit a >> rough patch, making this decision more troubling. >> >> >> ------------------------------ >> Notice: This UI Health Care e-mail (including attachments) is covered by >> the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is >> intended only for the use of the individual or entity to which it is >> addressed, and may contain information that is privileged, confidential, >> and exempt from disclosure under applicable law. If you are not the >> intended recipient, any dissemination, distribution or copying of this >> communication is strictly prohibited. If you have received this >> communication in error, please notify the sender immediately and delete or >> destroy all copies of the original message and attachments thereto. Email >> sent to or from UI Health Care may be retained as required by law or >> regulation. Thank you. >> ------------------------------ >> >> >> >> >> >> ********************************************************** >> Electronic Mail is not secure, may not be read every day, and should not >> be used for urgent or sensitive issues >> >> >> >> > >
