Microsoft has decided to make changes to how they will be rolling out patches starting this month. From October 2016 onward, Windows will release a monthly rollup that addresses both security and reliability issues in a single update. They will also release a Security and Quality Rollup ford the .Net Framework. Each month’s rollup will take the place of the previous month’s rollup. This means there will always only be one update that is required in order to get current.
A rollup is simply multiple patches rolled together into a single update. These rollups will replace individual patches. Though individual patches allowed users and admins to be more selective about which patches they wanted to apply to their servers, it resulted in fragmentation, meaning different servers could have different sub-sets of patches installed on them. This made it harder to confirm that each server was protected with the newest security measures or were running the same security features. The notable change for server admins here is that the new cumulative updated model will remove the ability to roll-back an individual patch if something goes wrong with the patch. Instead, the admins will need to roll-back to the previous month’s cumulative update to fix an issue.
So what is changing? There will be two important types of monthly releases put out by Microsoft that NetSource will address. These are a Security Monthly Quality Rollup for Windows Server, and a Security and Quality Rollup for the .NET Framework. NetSource will be performing both of these rollups as part of our patching service that we provide to clients. NetSource will be performing security updates much like we did before Microsoft made these changes. We will try and match, as closely as possible, the new patching scheme with what we had provided to clients in the past.
As per our normal process at NetSource, security updates will not be pushed as soon as available from Microsoft. NetSource administrators will continue with the normal process we have always followed, which includes: downloading and applying the rollups in our test environment(s), monitoring well known online sites for any issues the rollups/patches might introduce, and doing the rollup updates during a prescribed maintenance window (usually a few weeks after they officially come out). We do this to ensure that issues can be caught before they can affect our clients.
The two main points to note are:
1) The rollups will proceed just like before with no changes in our process of waiting a set time after patches are released, testing in our test environment, and then completing patches on an announced schedule.
2) If a problem does occur to a customer’s server after an update has been made, we would need to roll back to the previous month’s version and we cannot pick and select what part of the patch to roll back.
NetSource takes all our client’s environments seriously and that is why we are taking steps to ensure this new change will not effect clients. If you do have any questions about our security patch monthly service please call us at 630-778-1212 and we can cover this with you in detail.