In February, Microsoft began delivering both security updates and non-security product updates for SharePoint through Windows Update. This caught a lot of customers by surprise, and not in a good way. Delivering untested non-security updates to critical SharePoint components has the potential to break things. And, considering how bad each patching month has been in the last couple of years, customers would rather retrieve the non-security updates themselves, then test and install them in a controlled manner.
One commenter said this:
…this is a pretty silly move. It ensures that administrators will be even less likely to keep their servers patched against common Windows vulnerabilities, while ensuring that those who do are more likely to break their SharePoint farms.
Factor in the dismal track record of these CUs, and the future gets pretty dark.
It seems unlikely to me that testing Windows Updates includes testing SharePoint Cumulative Updates. Everything about how SharePoint works (complexity, multiple tiers, variations in configuration, custom code) screams that auto updating is a terrible idea.
Seems you have a fairly rosy view of how patch management works in most companies. This is unfortunate.
Whether the company listened to the complaints or just found it functionally difficult, Microsoft's Stefan Goßner announced today that Microsoft is altering the plan once again:
We want to let everyone know of a change to the patch delivery strategy for Office server products. As of March 2015, all Office product updates will be offered via Microsoft Update except for non-security updates for server products. Individual and “uber” server product updates will be published only to the Microsoft Download Center and customers can download/schedule/plan/test accordingly.
Please note that this does not affect security fixes for server products as they will continue to be available via Microsoft Update.
Thank you for the announcement - admins are cheering right now.