Microsoft moving to monthly patch rollups and BigFix's stand?

As per Microsoft communication:

Starting in October, Microsoft is moving to monthly patch rollups and including multiple patches in a single update. These rollups will be replacing individual patches and every new monthly rollup will supersede the previous month’s rollup. My understanding is that we will no longer be able to remove singular patches from these rollups.

I would like to understand how BigFix will handle the new rollup patching process. The concern is that by the time the new patch bundle is tested and ready to be deployed, a new monthly rollup comes out and supersedes what we already have, preventing us from patching.

How can I install superseded patch roll-ups or remove a specific patch which is not required per the local environment?



I generally wouldn’t recommend removing or not installing a critical/important patch unless it causes problems.

Thanks for the reply. Does that mean we would get a fixlet for the monthly rollup patch, and all content, patches, etc. would be managed by Microsoft? If there is any need to deploy single or multiple patches, would we still get those patches just as we have right now in the console?

How would we install a superseded rollup patch group?

Microsoft is going to do what it feels is in its best interests. IBM cannot stop them changing the patch cycles, nor can they break apart the patches.

I would start with a little pre-planning.

Create a Custom site where you can place copies of the IBM provided fixlets for the Microsoft Patches.

Then plan on downloading the patch files and either manually caching them, or put them on your own internal WWW site. If you use your own internal site, you will want to modify the fixlets to point to your site.

If you are unhappy with Microsoft’s changes, communicate that to Microsoft.

I got it, thanks for your help.

The thing I dislike the most about these patch rollups, and I’ve already seen it happen: there’s a single problematic patch which prevents being able to deploy it immediately, but it’s included in a rollup with several other important updates.

The lack of individual control puts everyone in a bad position in my opinion. Not IBM’s thing to figure out either way.


Well, it will end up putting more pressure on Microsoft to improve the quality of the monthly patch, especially the monthly Security patch (which is not cumulative, but does combine all of the Windows Security patches for that month).

On the other hand, it also reduces the difficulty of testing such patches, because they can expect more of a common baseline across their customer base. Testing each patch across systems with different starting points (based on which prior patches we had installed or declined).

I expect we’ll see some up-front pain from this, but in the long run I think we’ll all be in better shape for it. And really, what they’re adopting is what customers are coming to expect.

The real competitors to Windows are phones and tablets. And on our phones and tablets, we don’t pick and choose which updates to install. We get the latest iOS or Android, not choosing between hundreds of separate updates.