With the new monthly rollups coming (for W7/W8.1), wouldn't the discussion be :- Me: "Hey, you have 1 patch that isn't being applied"Them: "Yeah, we better get on that" This is just how W10 & Office 365 is now ... (generally) 1 rollup only. Agree "I think this change on Microsoft's part is going to make it easier for organizations to push back on whoever is keeping them from installing a patch." The 52 / 50+ updates being referred to by someone somewhere in this thread are for Office 2013/2016, not W7/W8.1. As per Jason ... "Updates for Office are not affected by what’s being discussed in this thread." They were published at a different day only for last month, as per MS guidance. https://blogs.technet.microsoft.com/office_sustained_engineering/2016/08/09/august-2016-office-update-release/ https://blogs.technet.microsoft.com/odsupport/2016/03/29/changes-to-monthly-public-updates-schedule-for-msi-based-updates/ So nothing has changed for Office 2013/2016 updates, there are always many individual updates published per month. Stick to normal monthly processes. Or move to Office 365 :-) Shane
From: [email protected] Date: Thu, 25 Aug 2016 15:29:59 +0000 Subject: Re: [mssms] Microsoft set to change Windows patching in a disasterous way To: [email protected] I've had this conversation multiple times with multiple organizations: Me: "Hey, I see you aren't pushing these 5 patches"Them: "Yeah, they break things in our environment"Me: "What are you doing to fix the problem so you can push them out?"Them: "The fix is to not push them out" Now, *hopefully* the discussion will be a little different Me: "Hey, you have 50+ patches that aren't being applied"Them: "Yeah, we better get on that" If the damage of incompatible software with a patch is a lot larger, you're more likely to fix the problem. I do see your point, but you're saying this is a bad idea assuming nothing is else is going to change in either your organization or 3rd party vendors. I hope vendors are going to release fixes for their products quickly now that it's going to cause a problem with 10 patches rather than 1. We'll see, but I think this change on Microsoft's part is going to make it easier for organizations to push back on whoever is keeping them from installing a patch. On Thu, Aug 25, 2016 at 7:29 AM Bruce Hethcote <[email protected]> wrote: Some additional notes to add to Ed’s comments, which I generally agree with: · The overall satisfaction score only applies to the engineer that closed the case (the one that potentially ended it well) - not the one (or ones) that got it started badly. · Anything less than Very Satisfied is basically considered a failure for that engineer. · Calling out a good engineer on a bad survey (especially in cases where multiple engineers are involved) provides little to no benefit other than maybe a pat on the back. · Because the engineers do have their manager’s email address in their tagline, provide positive feedback directly to their manager in the case of a negative “process” survey. That does actually carry some weight. I mention this only so you are aware of who takes the rap because of a survey result (Been there, done that, the t-shirts went to Goodwill). That being said, if dissatisfied or very dissatisfied truly apply, by all means, use them. Bruce Hethcote | Training Manager From: [email protected] [mailto:[email protected] m.com] On Behalf Of Ed Aldrich Sent: Wednesday, August 24, 2016 4:00 PM To: [email protected] Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous way Here are a few things for you all to keep in mind when dealing with Support that you may not be aware of, and how you can maybe get your voice heard better… - Always take the case survey. The overall satisfaction response is weighted most heavily. Personally I’d go so far to say that if a call started poorly but ended well, still report an overall dissatisfied rating (but call out the good engineer in the verbatim comments section). - A very small victory for IT Pro support: Every support engineer has their manager’s email address in their tagline. Now, those front line managers will also have their direct manager in their email tag line. This gives you a little more opportunity for escalation or feedback several layers up the food chain when things are going south. Don’t be afraid to escalate an issue if you think it’s appropriate! #SqueakywheelAndgrease I can guarantee you that there are a lot of people behind the scenes in the Support organization who are very heavily invested in making the system work well for everybody. They can only do so, however, if they are aware of issues so they can initiate remedial action… The above bullets is a great way to get that feedback in front of those whose job it is to make things better. Ed Aldrich Mobile: (401) 924-2293 [email protected] | www.1e.com Ent Cli Mgmt (2003-2016) From: [email protected] [mailto:[email protected]] On Behalf Of Marcum, John Sent: Tuesday, August 23, 2016 8:41 AM To: [email protected] Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous way All of the guys at that level are good! You can, and I do, pay to go directly to them and skip the lower levels of support. Anyone who considers their MS products critical should add that option to their support agreement. From: [email protected] [mailto:[email protected]] On Behalf Of Roland Janus Sent: Monday, August 22, 2016 6:58 PM To: [email protected] Subject: AW: [mssms] Microsoft set to change Windows patching in a disasterous way Can those be requested to work on a case? J Von: [email protected] [mailto:[email protected]] Im Auftrag von Daniel Ratliff Gesendet: Montag, 22. August 2016 21:09 An: [email protected] Betreff: RE: [mssms] Microsoft set to change Windows patching in a disasterous way Vinay Pamnani, Frank Rojas, a few other notable SEEs. Daniel Ratliff From: [email protected] [mailto:[email protected]] On Behalf Of Roland Janus Sent: Monday, August 22, 2016 2:40 PM To: [email protected] Subject: AW: [mssms] Microsoft set to change Windows patching in a disasterous way Tell me more..? Von: [email protected] [mailto:[email protected]] Im Auftrag von Todd Hemsell Gesendet: Montag, 22. August 2016 19:46 An: [email protected] Betreff: Re: [mssms] Microsoft set to change Windows patching in a disasterous way Unless you get Vinay. On Sat, Aug 20, 2016 at 11:04 AM, Roland Janus <[email protected]> wrote: Have you dealt with the regular support lately? Nightmare, pointless in most cases. Von: [email protected] [mailto:[email protected]] Im Auftrag von Marcum, John Gesendet: Freitag, 19. August 2016 14:46 An: [email protected] Betreff: RE: [mssms] Microsoft set to change Windows patching in a disasterous way Who the heck doesn’t have any kind of support agreement with MS? From: [email protected] [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Thursday, August 18, 2016 10:57 PM To: [email protected] Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous way You’re right, the metaphor isn’t perfect, but you’re taking it too far. There are many things that are the cost of doing business, insurance, gas/petrol, oil, tires, etc., etc. If you are going to have a vehicle, you *must* expect to pay for these regardless of where they come from. That’s the point here. Not expecting to have maintenance costs is just a bad conclusion. But once again, as noted, it’s it’s a bug in a Microsoft product, you don’t pay for it. J From: [email protected] [mailto:[email protected]] On Behalf Of Lindenfeld, Ivan Sent: Thursday, August 18, 2016 4:38 PM To: [email protected] Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous way Your metaphor is invalid. The automaker has no ongoing control over any processes on that truck. Microsoft has ongoing influence on the patching process. We essentially rebuy the car every month. Ivan From: [email protected] [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Thursday, August 18, 2016 5:00 PM To: [email protected] Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous way As noted, if it’s a bug, you will be refunded or not charged in the first place. This is a cost of doing business. If your business relies on a truck and that truck breaks down for whatever reason, do you blame the auto-maker and expect them to pay to have the truck towed, fixed, and returned to you? No way. J From: [email protected] [mailto:[email protected]] On Behalf Of Wolf, Daniel Sent: Thursday, August 18, 2016 11:13 AM To: [email protected] Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous way Opening a Microsoft support case costs $500 and a credit card. I don’t have a company credit card, or $500. Daniel Wolf From: [email protected] [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Thursday, August 18, 2016 4:39 AM To: [email protected] Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous way > “Fair enough, although I still don’t want to patch twice a month and MS could > move them to patch Tuesday without any real issues.” It’s *never* been like this though. That’s a completely different change that you are talking about. > “I have to choose between two bad choices” You’re already doing that today though. And, if you haven’t opened a support case, then you are further making another bad choice, albeit a passive choice, but a choice nonetheless. I’m not missing the point at all. I fully acknowledge that this puts a different spin on how patches are deployed and handled in an enterprise environment. In the long run however (and hopefully the short-run), this should not only increase patch reliability because testing (both internal to Microsoft as well as customer testing and validation and vendor testing and validation) can be more thorough but it will/should also incentivize both Microsoft as well as vendors to fix what’s broken quicker. Consistent baselines make life easier for everyone non matter what the context is. Fixing the problem is the best choice, not ignoring it. What does this mean in reality? Well, that’s honestly TBD but I don’t see this honestly changing much except forcing folks to be more proactive instead of reactionary; i.e., actually testing updates and opening support cases (cases caused by bugs are either refunded or are at no cost). Could this cause pain? Well, you already have pain because of a patch causing some unintended issue, correct? This doesn’t change that one way or another. Does it seem like a sucky choice to be all or nothing? Yes, I don’t disagree that that’s what it seems like. But I think the pros for this far away the cons by simplifying patch management for everyone involved from the deployment folks to the testers. J From: [email protected] [mailto:[email protected]] On Behalf Of Roland Janus Sent: Thursday, August 18, 2016 2:37 AM To: [email protected] Subject: AW: [mssms] Microsoft set to change Windows patching in a disasterous way >“Because patch Tuesday has only ever been about security and critical updates >so this isn’t breaking anything. You’ve made a couple of bad assumptions.” Fair enough, although I still don’t want to patch twice a month and MS could move them to patch Tuesday without any real issues. You’re still missing the point. All or nothing could mean secure or everything is still working. As proven. If a critical update is part of the updates, already used in the wild and required to be installed now and one like 3170455 which is not that important (yes, IMO), I have to choose between two bad choices. Break functionality for sure or potentially have a risk for the environment. Potentially an issue or for sure is what this is about. For 3170455 a month passed by and it is still broken. MS gives us a solution for those cases we’re happy campers, now it just makes our live more complicated. -R Von: [email protected] [mailto:[email protected]] Im Auftrag von Jason Sandys Gesendet: Donnerstag, 18. August 2016 02:39 An: [email protected] Betreff: RE: [mssms] Microsoft set to change Windows patching in a disasterous way Because patch Tuesday has only ever been about security and critical updates so this isn’t breaking anything. You’ve made a couple of bad assumptions. > “What you’re saying is apply everything and hope nothing breaks and if it > does fix it afterwards?” That’s always been the model as there simply is no way to prevent bugs. Each thing that breaks is unique, there’s no magic to address that. Opening the support case is the option. *Everyone* benefits as there is less overall testing required and a better baseline to work from. Configuration drift has *always* been an issue in every environment. Every time there is something different on a system you introduce another permutation and another set of things to go wrong. Keeping a consistent patch level across the board eliminates that from creating any additional permutations. If you are seriously testing something, anything, how many permutations do you want to test against? Anyone who’s done any serious testing knows immediately that the less permutations, the faster it is test and faster to certify that something is working correctly. Variation introduces risk. Ask your other vendors why they don’t support certain things? I’ve had customer with LOB vendors tell them crazy things like they only support Win 7 Pro and not Win 7 Enterprise. Although this specific example is misguided, it’s not unusual and is being done for the exact same reason – reducing the variations that need to be tested so that they can better support their product and the customer. J From: [email protected] [mailto:[email protected]] On Behalf Of Roland Janus Sent: Wednesday, August 17, 2016 6:30 PM To: [email protected] Subject: AW: [mssms] Microsoft set to change Windows patching in a disasterous way So, why break patch Tuesday schedule then if those could have been delayed? Anyway, without a severity important enough they will have to wait so I don’t bother users twice every month which is way those could have been delayed. What you’re saying is apply everything and hope nothing breaks and if it does fix it afterwards? That’s the model we’re going to get, either everything is secure or it potentially breaks stuff. Again, that’s not how business works, not if the issue is basically negligible (to mention 3170455 again as a perfect example) and yes, I for myself want to determine that and not have to choose between all or nothing, secure or working. I noticed that 3170455 caused it, so I’ve excluded it after the pilot group and the comment in the net. How is that going to work with the new approach? It isn’t, it just breaks and in that case there is no practical solution, point&print is just broken. I’m really not sure who benefits more from that approach, MS or the customer? We can go over this over and over, it’s going to happen regardless and upset customers regardless, obviously.. -R Von: [email protected] [mailto:[email protected]] Im Auftrag von Jason Sandys Gesendet: Mittwoch, 17. August 2016 23:11 An: [email protected] Betreff: RE: [mssms] Microsoft set to change Windows patching in a disasterous way Non-security updates don’t have severities. Updates for Office are not affected by what’s being discussed in this thread. One other point that I in general disagree with that is being used as a banner in this thread is that some is better than none. If I lock some of the windows and doors in my house but not all them, my house is still not secure. “Secure” is certainly subjective and is a process not a state of being, but saying that I’m selectively patching is sufficient simply being naïve about the threats that exist in the world today. Code red (which was more than 10 years ago) was a perfect example of an exploit fixed by Microsoft that most folks never deployed and cost lots of money for lots of organizations. Exploits and bugs will always exist – there are simply far too many variables and permutations involved. These are two of the best slides I’ve ever seen (these are from a Chris Jackson App Compat session at MMS 2013 although he’s used them other times as well): The point here is that you/they can never ever test everything – they can’t even come close in a million years so suggesting it’s about money is simply naïve as well. What they are trying to do, which is clearly depicted in the slide that Michael previously posted, is reduce the permutations so that it is possible for them to more fully test. And honestly, if your LOB breaks, isn’t that the LOB vendors responsibility? If your car breaks down, is that because the road is broken? If there was as much passion about keeping LOB vendors in line as there is bashing on Microsoft, then this would be much less of an issue. Does this new patching model present challenges? Yes. There’s no denying that. Do you really think that patching is perfect now though? IMO, this solves far more issues than it creates and puts the onus for testing where it should be, the vendors who aren’t being responsible for their software. Sometimes, that’s other product groups within Microsoft for sure. And, there’s also this underlying premise here that no one has any other issues in their environment or with their applications and that bad patches have caused all of their pain. Bugs have always been there, and always will be. Open support cases when you find issues, be a part of the solution instead of bemoaning the fact that bugs exist. J From: [email protected] [mailto:[email protected]] On Behalf Of Roland Janus Sent: Wednesday, August 17, 2016 3:36 PM To: [email protected] Subject: AW: [mssms] Microsoft set to change Windows patching in a disasterous way Looking at what showed up yesterday: (We don’t have that many clients yet, hence only 95) The “none” is the severity which makes this even more nuts. One week after patch Tuesday new updates show up which most likely could have been moved to next month. Now they have to wait and are probably replaced with new versions next month anyway (or again a week later). To be fair, Michael is the only one actively listening here, or at least contributing, but my feeling is that those few complaining are just the tip of the iceberg and it will be worse once it actually hits everyone. It would be good for MS to listen and do something about it, but my guess is: not happening. -R Von: [email protected] [mailto:[email protected]] Im Auftrag von Aday, Karalene B (RCIS) Gesendet: Mittwoch, 17. August 2016 22:13 An: [email protected] Betreff: RE: [mssms] Microsoft set to change Windows patching in a disasterous way Excuse me if I didn’t use the correct terminology. When “additional updates” are released it impacts us greatly. We alsways decline them and then approve them with all the other monthly patches. There are months where there may be a large number released through out the month and it impacts our workload and also leave room for error. Why are they released during the month and not part of Patch Tuesday? From: [email protected] [mailto:[email protected]] On Behalf Of Michael Niehaus Sent: Wednesday, August 17, 2016 2:16 PM To: [email protected] Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous way Just curious, what 52 are you referring to? We routinely release additional updates throughout the month. It’s very rare to have an out-of-band security update though, those are typically only on Patch Tuesday. Flash tends to be the notable exception (we align with when Adobe and others release their updates), and of course fixes to serious 0-day exploits will always be important. Thanks, -Michael From: [email protected] [mailto:[email protected]] On Behalf Of Aday, Karalene B (RCIS) Sent: Wednesday, August 17, 2016 8:01 AM To: [email protected] Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous way I would also like to know how they are going to handle all of the out of band updates they release each month. We pulled 52 out of bands last night and I’m sure with their pattern that’s not the end of them for this month. Patch Tuesday is kind of a joke when they continually do this. From: [email protected] [mailto:[email protected]] On Behalf Of Todd Hemsell Sent: Wednesday, August 17, 2016 8:57 AM To: [email protected] Subject: Re: [mssms] Microsoft set to change Windows patching in a disasterous way Less work for them. Here is the fix, use it or not. Even if it breaks other things. We will no longer put in the extra effort to fix our security flaws, instead we will put the burden on you to make sure 100% of everything you have is compatible with these updates. On Tue, Aug 16, 2016 at 11:43 AM, Ed Aldrich <[email protected]> wrote: How do you see this approach being driven as a profit-making process? From: [email protected] [mailto:[email protected]] On Behalf Of Todd Hemsell Sent: Tuesday, August 16, 2016 12:20 PM To: [email protected] Subject: Re: [mssms] Microsoft set to change Windows patching in a disasterous way Hey, it makes MS more profitable, that is all that matters,. Same with the forced advertising in a corporate OS you pay millions for Same as with the cloud Same as with everything Screw you, suck it up. lol On Mon, Aug 15, 2016 at 6:29 PM, Murray, Mike <[email protected]> wrote: I’ve been told “get used to it” on the patch management list. Not good enough. I think this is ridiculous. From: [email protected] [mailto:[email protected]] On Behalf Of Roland Janus Sent: Monday, August 15, 2016 4:08 PM To: [email protected] Subject: AW: [mssms] Microsoft set to change Windows patching in a disasterous way 1+ If they include such updates, like 3170455 which we also excluded, that’s certainly going the mess up things.. Von: [email protected] [mailto:[email protected]] Im Auftrag von Miller, Todd Gesendet: Montag, 15. August 2016 22:42 An: [email protected] Betreff: [mssms] Microsoft set to change Windows patching in a disasterous way https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/ Wow, this could be a disaster. We have had 4 or 5 cases in the last 12 months where we have had to delay the installation of a security update so that applications could be modified to work with updates. In a couple of cases, one ongoing, Microsoft has released a security update, then acknowledged a bug in that update and released a fix several months later. We currently have KB3170455 denied in our environment because it breaks point – and –print driver installation. In the new world, I will need to decide which is worse – no security updates for 3 months, or break printing for all non-admin users. Currently I can decide to pull or hold an individual patch, but it looks like that option is being removed from Windows 7 and 8. This comes at a time where it seems like patch quality has hit a rough patch, making this decision more troubling. Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately and delete or destroy all copies of the original message and attachments thereto. Email sent to or from UI Health Care may be retained as required by law or regulation. Thank you. Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract. NOTICE: The information contained in this message is proprietary and/or confidential and may be privileged. If you are not the intended recipient of this communication, you are hereby notified to: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract. Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract.
