
posted by martyb on Sunday October 16 2016, @09:47AM
from the some-folks-don't-need-flexibility,-apparently dept.

The Register reports

Redmond kicks off the era of the force-fed security update

Microsoft is kicking off a controversial new security program this month by packaging all of its security updates into a single payload.

The October security release introduces Redmond's new policy of bundling all security bulletins as one download. While more convenient for end users, who now get just one bundle, the move will irk many administrators, who had preferred to individually test and apply each patch to avoid compatibility problems.

Krebs on Security notes

Microsoft: No More Pick-and-Choose Patching

Starting this month, home and business Windows users will no longer be able to pick and choose which updates to install and which to leave for another time. For example, I've often advised home users to hold off on installing .NET updates until all other patches for the month are applied--reasoning that .NET updates are very large and in my experience have frequently been found to be the source of problems when applying huge numbers of patches simultaneously.

But that cafeteria-style patching goes out the...err...Windows with this month's release.

[...]Microsoft's patch policy changes are slightly different for home versus business customers. Consumers on Windows 7 Service Pack 1 and Windows 8.1 will henceforth receive what Redmond is calling a "Monthly Rollup," which addresses both security issues and reliability issues in a single update. The "Security-only updates" option--intended for enterprises and not available via Windows Update--will only include new security patches that are released for that month.

What this means is that if any part of the patch bundle breaks, the only option is to remove the entire bundle (instead of the offending patch, as was previously possible). I have no doubt this simplifies things for Microsoft and likely saves them a ton of money, but my concern is this will leave end-users unable to apply critical patches simply due to a single patch breaking something.

[...]The smartest option is probably to ditch [Adobe Flash] once and for all and significantly increase the security of your system in the process. I've got more on that approach (as well as slightly less radical solutions) in A Month Without Adobe Flash Player.

[...]Finally, Adobe released security updates that correct a whopping 71 flaws in its PDF Reader and Acrobat products. If you use either of these software packages, please take a moment to update them.

Has this change in method and control altered the thinking of any Soylentils WRT their choices of software supplier?
Now for the biggie: Has anyone convinced his boss to depart the Redmond path?

Previous: Windows 7 and 8.1 Moving to Windows 10’s Cumulative Update Model


  • (Score: 2) by Techwolf on Sunday October 16 2016, @10:26PM

    by Techwolf (87) on Sunday October 16 2016, @10:26PM (#414993)

    I had a Windows 7 in VMware get the same stuck updating loop. How I fixed it was googling the problem and eventually finding a blog page that describes how to update the updater itself manually. Had to do a few steps to fully disable the updater, reboot without networking at all, install the updated updater, reboot, turn networking back on and try to update. It worked. The other problem I had was an IE 11 update that was failing due to already having IE 11 installed. The fix was to use the command line to un-install the IE updates, reboot, run the updater to 'fix' the bad update. Basically it will just remove the update from the listing. Then go to MS site and manually download and install IE 11.

  • (Score: 0) by Anonymous Coward on Sunday October 16 2016, @10:41PM

    by Anonymous Coward on Sunday October 16 2016, @10:41PM (#415000)

    That's funny. I just searched the Microsoft support knowledge base. I found the latest Windows Update installed by Windows Update was not the latest Windows Update. I downloaded and installed the latest Windows Update. Problem solved. Bloggers are goddamn idiots.

  • (Score: 2) by Marand on Monday October 17 2016, @12:07AM

    by Marand (1081) on Monday October 17 2016, @12:07AM (#415018) Journal

    It's good that it eventually worked out for you, but that wasn't the case for me. Ultimately the problem for me was that nothing I did would actually succeed in getting a manual update of the updater to work because somehow, somewhere, over the years the update process made a mess somewhere that completely fucked everything, so updater updates wouldn't install either.

    I've been told before that it's my fault this happened because I don't reinstall the OS as a form of preventative care, but frankly that's bullshit. I've been able to keep a Debian install running for over a decade through hardware changes and release upgrades (and conversion from 32bit to 64bit), but I'm supposed to accept that it's just SOP to reinstall Windows every year or two? If it'd done this during an upgrade between major versions it'd make more sense, but security updates within a release should be rock-solid.

    To be clear, I don't have a problem with people using or even liking Windows. I'm no OS zealot, and they all have a place, even if I don't like using them all. I'm just consistently amazed at how fucked the update process in Windows can be.