We’re running a poll (you can still participate HERE) to find out if Microsoft’s growing update quality problems have affected the patching plans for companies and the results so far are very interesting.
For many companies, policies haven’t changed because they were already working within a 30-45 day patching window, which includes testing, piloting, and then eventually rollout. But, based on the results of the poll, there are many companies that are altering their patching policies to delay update delivery even longer. For security patches, this is potentially dangerous. Microsoft needs to understand this, and realize that no matter what criticality label it places on specific security updates, its software is only secure if patches are applied, and patches will only be applied when they are trusted.
As you can see, a little over 60% of respondents have decided that Microsoft’s update releases are causing too many problems and companies need more time to adjust to potential issues.
And, the comments for the poll are also interesting, giving deeper insight into what IT is thinking about Microsoft’s current update strategy.
Here’s a few worth reading:
Our patching window has always been the 3rd Saturday of the month, which is (1 in 3 times) too close to patch release, so we consistently run 4-5 weeks behind. It’s saved us a huge number of issues as troublesome patches have been rescinded before we release them. We did look at patching sooner, but the recent issues have ended that discussion.
No official change yet but I have formally requested a policy review and a change to a one month delay as the risk of compromise seems to be outweighed by the risk of breakage. The frightening part isn’t that there was an issue or two in Aug, it is that these issues started right after Dev and Test were merged with the recent reorg. Dev and test on the same team(s) for large core infrastructure components like Windows (server and client) creates a clear conflict of interest as the managers can’t have bad tests making their dev side look bad.
I no longer allow automatic updates. Defender definitions get updated routinely, but almost everything else waits a week or more until I can see if another firestorm erupts.
We are behind 1 CU for Exchange Server 2013. The recent CUs have been time bomb....
You can still participate and add your voice, and I hope you do so. The more participation we have, the more Microsoft is willing to listen and work to fix more than just perception of an issue.
Drop out here if you have time and add your thoughts: Have Microsoft's Update Problems Changed Your Patching Policies?