Patch Tuesday

Found this great blog post on Patch Tuesday this month. Thought you all might like it.


Thanks for that. This article is a perfect illustration of the absolute wisdom contained in the following observation:

There really isn't a point to checking for updates and not installing them. . . It's important to install all available updates. I've been doing this since the days of DOS, and I still don't have the confidence to pick and choose among updates. There are just too many variables involved - and most people can't evaluate the full consequences of installing/not installing updates.
~ John Carrona, AKA usasma on BleepingComputer.com, http://www.carrona.org/


I have seen way more misery caused by lack of updating than I've ever seen from the occasional "bad update," which generally gets fixed before very many people even get one these days, given the way telemetry and monitoring of same works.
 
We have our RMM patcher wait till Friday to push out the updates. Gives Microsoft a couple of days to recognize a bad patch, pull it, fix it, and re-release it. And if we know about a "bad" patch, we can deny it before it goes out.

No way we have time to "test" every patch released either. I've seen some IT people claim they do that...LOL...I raise an eyebrow in disbelief that they have THAT much time to go and test every patch with lots of variables and mixed-matched software to vet it out.

I am a believer in keeping systems patched.
I will say however, I have had to fix damage from bad patches. I don't have a number of how many clients of ours are "not managed" (thus not on our patching system)...but I'd wager it's over 700-800 devices, and a few dozen servers. One bum update that tanks something on a server can make a miserable week or two for ya. I can recall a recent example that gave us a hell week-ish couple of weeks...those two bad updates over the past year or so which broke print servers.

But the goal is to fix more problems by installing updates rather quickly, and hopefully very rarely...have to deal with issues resulting from a bad update.
 
But the goal is to fix more problems by installing updates rather quickly, and hopefully very rarely...have to deal with issues resulting from a bad update.

Precisely.

And your own practice of waiting a few days after release of patches is perfectly reasonable. They roll out to cohorts anyway, not everyone at once, and it's perfectly reasonable to "delay your cohort, slightly" to avoid unanticipated issues.
 
I used to seriously drag my feet on OS updates. But after a few problems many years ago, related to NOT doing updates, I abandoned that logic. Now I'll wait a few days to maybe a couple of weeks tops before getting the updates done. Depending on the degree of exposure to the system(s).
 
I've definitely had issues with updates before, but I think Microsoft's "ring" system is the way to go. Have different rings of systems that get the updates at different delays so that everything doesn't get taken out at once and you get a canary warning before it's a bigger disruption.

And you can even monitor patch status for free in Azure. Just agree to pipe the data via Microsoft's telemetry system (I'm sure only Windows Pro and above lets you).
 
We have our RMM patcher wait till Friday to push out the updates. Gives Microsoft a couple of days to recognize a bad patch, pull it, fix it, and re-release it. And if we know about a "bad" patch, we can deny it before it goes out.

No way we have time to "test" every patch released either. I've seen some IT people claim they do that...LOL...I raise an eyebrow in disbelief that they have THAT much time to go and test every patch with lots of variables and mixed-matched software to vet it out.

I am a believer in keeping systems patched.
I will say however, I have had to fix damage from bad patches. I don't have a number of how many clients of ours are "not managed" (thus not on our patching system)...but I'd wager it's over 700-800 devices, and a few dozen servers. One bum update that tanks something on a server can make a miserable week or two for ya. I can recall a recent example that gave us a hell week-ish couple of weeks...those two bad updates over the past year or so which broke print servers.

But the goal is to fix more problems by installing updates rather quickly, and hopefully very rarely...have to deal with issues resulting from a bad update.
I do the same. My RMM is set to automatically approve updates and install them Friday night. Any news reports of issues let me go in and manually uncheck the bad update before it fires off on Friday. Only a couple of times when a major exploit was running in the wild have I manually triggered an immediate update. And only a few times have I pulled a queued update.
 