When Windows 10 arrives this summer (and Windows Server 2016 next year), Microsoft is going to be making some noticeable changes to how and when it delivers security fixes, hotfixes and rollups.
What can IT pros do now to prepare for the new Windows world order?
Company officials provided some potentially controversial suggestions and guidance during Microsoft’s Ignite conference in Chicago. In a session entitled “Getting Ready for Windows 10: Servicing Windows Client and Server in a Managed Environment Today” (Video and slides available here; a good summary from Microsoft Premier Field Engineer Robert Smith is here), Thierry Paquay, a manager on Microsoft’s Customer Experience Engineering team, discussed where Microsoft is and where it’s going with its patching and updating process.
The reason Paquay’s guidance could be considered controversial is that Microsoft’s current patching track record leaves quite a bit to be desired on the quality front, as more than a few have noted. At Ignite, Microsoft execs said they believe the company’s move to require more users to apply Windows patches in sequential order on a regular basis will help improve the current Patch Tuesday approach.
Microsoft’s track record with security fixes is better than many might expect, Paquay told Ignite attendees. He said in 2014, 87 percent of Windows and IE security updates were successful and didn’t require a re-release, a percentage he maintained was quite favorable.
Microsoft’s guidance on the security update front has been to validate security fixes from Microsoft but deploy them as quickly as possible. Microsoft will continue to advise customers to follow that guidance with Windows 10.
But when it comes to non-security updates and rollups, a number of business customers are delaying “optional” and “recommended” fixes too long, he said. And the failure to apply certain non-security updates can negatively affect the application of security updates over time, Paquay said.
Currently, Microsoft’s wording in its guidance around some hotfixes is to only apply them if trying to fix a very specific set of problems. But when there’s data corruption, a bug check or a system hang, it’s actually more detrimental than not to wait, Paquay argued. He said if more users would apply optional hotfixes and update rollups proactively, Microsoft would be able to gather more telemetry data and fix patch and hotfix problems more rapidly, allowing the company to promote tested fixes as “recommended” or “important” updates/rollups for a broader group of customers.
Once an update appears in Windows Update as “recommended,” it has already been installed on and deployed to millions of Windows devices, meaning it has been vetted to a fairly substantial degree (and not just inside Microsoft or by Windows testers only), he said.