AW: [mssms] Microsoft set to change Windows patching in a disasterous way

[Roland Janus]

So, what’s the practical.. solution to 3170455?

 

I really see no real thread on keeping point&print working as before
compared to not being able to have network printers installed without major
hassle.

I use AD-site based GPO, whenever people move to another site they get a
central printer installed. This is just great until MS broke it for a
security improvement I can really live with.

Not having any choice is what sucks big time here.

 

-Roland

 

 

Von: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
Im Auftrag von Michael Niehaus
Gesendet: Dienstag, 16. August 2016 18:41
An: mssms@lists.myitforum.com
Betreff: RE: [mssms] Microsoft set to change Windows patching in a
disasterous way

 

Each update (MSU/CAB) has to be installed in its entirety.

 

If you encounter any issues with an update, contact Microsoft Support right
away.  They are serious about resolving issues as quickly as possible.

 

Certainly the reasoning for making this change is simple:

 



 

Thanks,

-Michael 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: Tuesday, August 16, 2016 5:38 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] Microsoft set to change Windows patching in a
disasterous way

 

I thought this was possible? Like WUSA /u /kb:blabla?

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mawdsley R.
Sent: den 16 augusti 2016 14:16
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] Microsoft set to change Windows patching in a
disasterous way

 

Agree.  It can only be a good thing if it enables us to have a more
consistent environment out there.

 

However, It would be excellent if they could implement some way we could
install the Rollup, whilst excluding one of its subsidiaries, even
temporarily.

 

Rich Mawdsley

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey
Sent: 16 August 2016 12:55
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] Microsoft set to change Windows patching in a
disasterous way

 

I was little uneasy about Windows 10 CU/UR whatever they call it. It’s been
going well so far.  I think this is a good thing.  From my perspective, it
will save me a tone of time, and make our PC’s way more secure.  Bring it
on. 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marable, Mike
Sent: Tuesday, August 16, 2016 7:31 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] Microsoft set to change Windows patching in a
disasterous way

 

I totally agree.  In fact yesterday we had to pull off a security update
because it “broke” an app.  So instead of the vendor fixing their app, we’re
going to allow a potential security threat?

 

In my opinion I think this is a good thing.  Give me just a single patch
each month so I don’t have to worry about 5 this month, 2 the month before,
7 the prior month…

 

Aaron Czechowski talked about this at MMS this last Spring.



 

Like Andreas said, “Just my 2 cents.”

 

Mike

 

 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: Tuesday, August 16, 2016 2:54 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] Microsoft set to change Windows patching in a
disasterous way

 

This is very understandable and typicaly the way of “as-a-service” solutions
work, regardless of vendor. Doing it any other way would be too costly &
time consuming. I think we should be happy that MS is even considering non
security fixes for these operating systems!

 

I think part of it is also to create an even bigger haystack to hide the
needles in for the security updates to delay the re-engineers finding the
actual issues from the patches that MS releases.

 

One thing is sure, as ConfigMgr does support delta downloads of these
patches yet it will be a large file per month to download to each location.
So people that haven’t started looking at ways to peer-to-peer this should
do that… fast. With Win10 this is a 1GB DL per month per PC and counting.

 

As per the not secure vs functionality, it’s the same as the idiots not
vaccinating their kids as they think they might get whatever from it. Go to
your vendor and tell them to fix the app. If they don’t, switch app. 

 

Unless you want to go Linux/Mac side, but thinking you have more control
there makes me laugh. 

 

Just my 2 cents.

 

//A

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: den 16 augusti 2016 01:29
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] Microsoft set to change Windows patching in a
disasterous way

 

I’ve been told “get used to it” on the patch management list. Not good
enough. I think this is ridiculous.

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus
Sent: Monday, August 15, 2016 4:08 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: AW: [mssms] Microsoft set to change Windows patching in a
disasterous way

 

1+

 

If they include such updates, like 3170455 which we also excluded, that’s
certainly going the mess up things..

 

Von: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] Im Auftrag von Miller, Todd
Gesendet: Montag, 15. August 2016 22:42
An: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Betreff: [mssms] Microsoft set to change Windows patching in a disasterous
way

 

https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplify
ing-servicing-model-for-windows-7-and-windows-8-1/

 

Wow, this could be a disaster.

 

We have had 4 or 5 cases in the last 12 months where we have had to delay
the installation of a security update so that applications could be modified
to work with updates.  In a couple of cases, one ongoing, Microsoft has
released a security update, then acknowledged a bug in that update and
released a fix several months later.  We currently have KB3170455 denied in
our environment because it breaks point – and –print driver installation.
In the new world, I will need to decide which is worse – no security updates
for 3 months, or break printing for all non-admin users.  Currently I can
decide to pull or hold an individual patch, but it looks like that option is
being removed from Windows 7 and 8.     This comes at a time where it seems
like patch quality has hit a rough patch, making this decision more
troubling.

 

  _____  

Notice: This UI Health Care e-mail (including attachments) is covered by the
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is intended
only for the use of the individual or entity to which it is addressed, and
may contain information that is privileged, confidential, and exempt from
disclosure under applicable law. If you are not the intended recipient, any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
the sender immediately and delete or destroy all copies of the original
message and attachments thereto. Email sent to or from UI Health Care may be
retained as required by law or regulation. Thank you. 

  _____  

 

 

 

 

**********************************************************
Electronic Mail is not secure, may not be read every day, and should not be
used for urgent or sensitive issues