Ahhh…the last Patch Tuesday of 2014. Can you believe it? Most of us would like to use the holiday season and do a little rejoicing over 1 more year of patching completed. But, we can all agree that it's been a tough year for Microsoft patches. And, even though this is the very last Patch Tuesday, that doesn't mean that patching is over if the past year is any indication.
I was off for the past couple weeks (thanks to all those that questioned my absence) taking care of my wife after a surgery, but I kept up on things. And, that's really the life of a patching engineer, isn't it? Due to monthly botched releases, Microsoft has made it very hard for IT folks to take any time off. Blame it on a poor QA process, or a software company that is in constant reorganization, updating Microsoft's operating systems and software keeps many frustrated all month long. But, since we're so close to the holidays, which should be a joyous time, maybe it's better to thank Microsoft for keeping so many of us employed.
During my time off, I read an email thread in which one person suggested that about 80% of his time each month is spent embroiled in the patching process. The patching process is a tedious one, for sure, but throw in Microsoft's seeming ineptitude, and you have a witch's brew of backbone breaking work. Each month's patching woes lead directly into the next month's unforeseen problems. There's rarely a break in the action. Before the year is out, I plan to provide a down-and-dirty retrospect on Microsoft's worst patching year on record, and then give some, let's say, suggestions on how it could be fixed in 2015. Because, frankly, if things don't change, it's going to get a lot worse. And, with Microsoft putting less emphasis on Windows these days, patching problems alone could force many companies to migrate to something else.
Stay tuned for that.
So, here we are. The last Patch Tuesday of 2014. At a time when many are excited about the prospects of taking time off and spending it with family, we have one major hump left to surmount. And, we're all wondering if that hump could actually turn into a mountain overnight, come Tuesday around 2pm PST.
This month, Microsoft is providing seven Security Bulletins, with three of them rated as Critical, and four as Important. Internet Explorer (versions 7-9) once again takes the spotlight, which is the most common monthly occurrence of software that requires patching. Microsoft Windows, Office, and Exchange are also being tagged for updates.
The full security bulletin is here: Microsoft Security Bulletin Advance Notification for December 2014
Amid the updates releasing tomorrow, is a particularly interesting one for Exchange Server. In November, Microsoft was set to release the update, but pulled it at the last second to fix an installation problem. The Exchange Team even went on record to say that the issue found in the update was "unacceptable behavior," which seemed to suggest they were blaming someone else for the miscue.
The update appears to have been fixed, but we'll have to wait and see.