Sharepoint/Office 2010 Patches NOT in BigFix

(imported topic written by arpotu91)

Hello, I’m arranging patching for a new customer and they want the following patches installed. Unfortunately, I don’t see them available in BigFix. Is there a reason for this? Am I perhaps not looking in the right place?

Update for Microsoft Office 2010 (KB2077208)

Update for Office SharePoint Foundation 2010 (KB2032588)

Definition Update for Microsoft Office 2010 (KB982726), 64-Bit Edition

Definition Update for Microsoft Office 2010 (KB982726), 32-Bit Edition

(imported comment written by BenKus)

Hi arpotu,

These don’t appear to be security updates…

Ben

(imported comment written by arpotu91)

You’re right - my bad :)

(imported comment written by SystemAdmin)

Is the implication that ONLY security updates are available in BigFix? As it stands now there are approx. 11 Office 2010 updates available to install on my computer (via Windows Update) that do not show up in BigFix. For example (KB2553323, KB2553065, KB2566445 etc.) Is there no intention for these to be made available in BigFix? If Windows Update is disabled on the end point I guess the only option is to set up these fixlets manually??

(imported comment written by SystemAdmin)

Our policy is to provide the monthly security bulletins released every second Tuesday of the month. For everything else, it’s usually determined if it’s a security advisory and how many people request it. If it’s very important for you to install these updates, either you can create Fixlets yourself or you contact support and it will be determined if it is something we will provide.

(imported comment written by SystemAdmin)

Really? So the answer is, if you want ALL the patches/updates/fixes that Microsoft puts out for Office 2010, open a support case and ask for it?? I, and I wonder how many other BigFix users, thought every windows/office update/fix that was available from Microsoft was available via BigFix automatically…

(imported comment written by BenKus)

Hey j2johnson,

We support Service Packs, security patches, security related patches, and major updates. We don’t support every single patch that Microsoft puts on Windows Update, but the patches I mentioned should be the majority of them…

Do you really want to patch every update on Windows Update? From what I have heard from others, most customers seem to want to avoid some of the minor patches with minimal benefit that might break things…

Ben

(imported comment written by SystemAdmin)

My expectation is that if it’s listed as a Microsoft Important or Critical update it would be available in BigFix. For example I have 23 Important updates (between Office2010, Windows 7, Office 2007 etc) showing in Windows Update on my computer. In BigFix my computer only shows 3!

(imported comment written by BenKus)

well… not quite…

We focus our patch offering around security and not around windows update…

FWIW, the history of this was that when we first started delivering patches (maybe 10 years ago?), we started by offering any patch from Microsoft… One time, we released a non-security patch and it broke everything for a customer. The customer was furious and demanded that we fix it, but we told them that it was Microsoft’s patch and we just were the delivery system… However, they pointed out that many non-security patches come with a warning that says something like “only apply this to systems where you are experiencing the described problem”… and so the mere fact that we let people easily apply a patch to a system that didn’t “really need it” infuriated some people if it broke… And since then, we have stuck to security patches because they are always “recommended” and seem much less likely to break.

I have not spent much time looking at the latest warnings on non-security patches from Microsoft and it might have changed… since this incident, it just became standard policy at BigFix to only support major updates and security updates… but I wanted to give you some background on how we got here for whatever it is worth…

Ben

(imported comment written by SystemAdmin)

Ben, I think you hit the nail on the head, “just the delivery system”. I agree that it should be up to the end user to filter out which patches they would like to install. But obviously in order for that to happen all the patches would need to be available. It’s difficult when we use BigFix as our patch management system and not all patches from Microsoft are available. (especially critical and important ones) Which is in stark contrast to say WSUS. At least with WSUS I know that the same patches that would be offered to the endpoint directly are available from the WSUS server. It would then be up to me as to which patches/updates I would like to install. Unfortunately as it stands now I don’t even have that option with BigFix. Rather than go through all the work of determining which critical/important updates are NOT available in BigFix and then manually creating them I might as well just install WSUS! Which I have to admit is a very sad thing to say because with WSUS handling our MS patches it leaves the door open to finding a much more simple and cheaper (thank-you IBM) software distribution package.

(imported comment written by BenKus)

But of course you and your IT team would never do that because of all of the flexible, practical, and cost-saving benefits of BigFix, correct? :)

Point taken… I think there are a few other threads on the forum that have argued that we include all patches. I agree that we should look into it and I think we might even have a few people researching what it would take to support it…

Can’t promise anything to happen quickly, but stay tuned…

Ben

(imported comment written by SystemAdmin)

Thanks Ben. It’s great to know that you guys actually read this forum and consider feedback/fixes directly from the end customer!! It’s very rare among software companies and I consider it one of the benefits of using BigFix! Hopefully IBM will see that and keep it up!

Thanks for all your help!!

(imported comment written by SystemAdmin)

Ben,

I know I am one of the whiners that have argued for inclusion of all patches that show up in windows update. One thing I will say about this is that a great start might be to some way have TEM figure out what patches windows update lists as relevant vs. what TEM says are available via the TEM provided fixlet content. In other words, a simple difference / comparison report.

While it’s not what we want, it would at least open our eyes as to the actual health of our environment as compared to how Microsoft shows our health. Of course this would probably backfire for IBM and cause a huge outcry for including all the Windows Update content. Which of course we would be fine with :)

BTW - if there is an early adopter or beta for this new found content, we volunteer!

John
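
The difference report suggested in the comment above can be approximated outside the console by comparing KB numbers. This is an added example, not part of the original thread and not BigFix/TEM code; it assumes you have the update titles Windows Update lists on an endpoint and the names of the relevant Fixlets as plain strings. Both lists are constructed, and KB9000001/KB9000002 are placeholders.

```python
import re
from collections import defaultdict

KB_RE = re.compile(r"\bKB\s*(\d{6,7})\b", re.IGNORECASE)

# Constructed input. The KB2xxxxxx and KB982726 numbers are the ones named in
# this thread (titles for the last three are assumed); KB900000x are placeholders.
WINDOWS_UPDATE_TITLES = [
    "Security Update for Microsoft Office 2010 (KB9000001)",
    "Security Update for Windows 7 (kb9000002)",
    "Update for Microsoft Office 2010 (KB2077208)",
    "Update for Office SharePoint Foundation 2010 (KB2032588)",
    "Definition Update for Microsoft Office 2010 (KB982726), 64-Bit Edition",
    "Definition Update for Microsoft Office 2010 (KB982726), 32-Bit Edition",
    "Update for Microsoft Office 2010 (KB2553323)",
    "Update for Microsoft Office 2010 (KB2553065)",
    "Update for Microsoft Office 2010 (KB2566445)",
]
# Constructed Fixlet names; the naming pattern is an assumption.
FIXLET_NAMES = [
    "MS00-001: Placeholder bulletin - Office 2010 - KB9000001",
    "MS00-002: Placeholder bulletin - Windows 7 - KB 9000002",
]

def kb_ids(text):
    """Return the normalised KB identifiers mentioned in a title or name."""
    return {"KB" + n for n in KB_RE.findall(text)}

def classify(title):
    """Bucket an update by the leading words of its Windows Update title."""
    for label in ("Security Update", "Definition Update", "Update"):
        if title.lower().startswith(label.lower() + " for"):
            return label
    return "Other"

def gap_report(wu_titles, fixlet_names):
    """KBs offered by Windows Update that no Fixlet name covers, per class."""
    covered = set().union(*(kb_ids(n) for n in fixlet_names))
    gaps = defaultdict(set)  # sets collapse 32-bit/64-bit duplicates of one KB
    for title in wu_titles:
        for kb in kb_ids(title) - covered:
            gaps[classify(title)].add(kb)
    return {c: sorted(k, key=lambda s: int(s[2:])) for c, k in gaps.items()}

def coverage(wu_titles, fixlet_names):
    """(covered, offered) counts of distinct KBs."""
    offered = set().union(*(kb_ids(t) for t in wu_titles))
    covered = set().union(*(kb_ids(n) for n in fixlet_names))
    return len(offered & covered), len(offered)

if __name__ == "__main__":
    print(coverage(WINDOWS_UPDATE_TITLES, FIXLET_NAMES))
    for cls, kbs in gap_report(WINDOWS_UPDATE_TITLES, FIXLET_NAMES).items():
        print(cls, kbs)
```
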

(imported comment written by SystemAdmin)

Hi Ben. Just wanted to touch base on this issue to see if there has been any more internal discussion/investigation? There are now several Office 2010 “updates” that are available via Windows Updates that are not available in BigFix. As we need to install these updates is there any chance these will be included any time soon? Could they simply be put under a different category such as “Program Update” so they are separate from the “Security Hotfix” fixlets? This would allow end users to know they are different however install them if need be.

(imported comment written by BenKus)

Sorry guys… I have nothing new… I will forward this thread to the Product Management team at IBM responsible for these decisions these days…

Ben

(imported comment written by SystemAdmin)

Bump :)

(imported comment written by SystemAdmin)

If they won’t include them in the Security Patches site, how about under the Windows Applications patches?

(imported comment written by SystemAdmin)

Begging would just look sad at this point.

It’s unfortunate because I think we’re going to have to start looking at another product for Windows patching which INCLUDES office patches. Ehhh… wsus…

(imported comment written by SystemAdmin)

j2johnson - sadly, we are in the same boat. Our 3 years is up and we are being asked to evaluate TEM against other solutions. Patching is pretty much a commodity these days and quite honestly, others do it as good or better. It was always the other bits that made BigFix better. Some of those bits are still there (the backend server / relays, relevance language, etc) but other bits seem to have died on the vine (DSS / SAM, etc). It seems like things have really slowed down since the IBM acquisition which is funny since it was sold as the way to enable BigFix to become even better. So far, I don’t think we’ve seen it at all. Even the forums have gone downhill.