Where are May 2018 Microsoft fixlets?

Seeing how they took two weeks to address the March KB that broke a lot of things… this is very concerning. We’re supposed to be testing patches NOW and releasing patches to the company this coming Monday.

SCCM/WSUS has it’s issues, but from a compliancy/security standpoint, it’s hard to continue fighting for BigFix in my agency. If my managers ask where patches are, knowing Windows Patch Software has them, and I have nothing? I can’t disagree when they say “rip this out, we’re going with something that ‘just works’”.

I’m fighting for this thing, but it’s a losing battle.

Just as there are contractual obligations that have to be met and if not, then clauses start to activate where real dollars are lost, so should we hold IBM accountable for not releasing by a certain time after MS release. Loss of dollars is where the pain is really felt.

I’m kind of surprised nobody from IBM has chimed in here with a comment.

We apologize for the frustration.

Our goal for Microsoft Patch content is to publish the updates within 24 hours of the Patch Tuesday release, and we generally have content available well within that timeframe.

The latest batch is much larger than normal but we are still on target to have these posted in the next 2 hours.

Thanks for the information Michael.

has anyone had the fixlets loaded up in BigFix yet?

yes. Try forcing a site gather and then give it some time.

I see that site version 2978 is published. Gathering now

For reference, please see the recently posted announcement here: IBM BigFix Patch: Content Released in Patches for Windows - May 2018 Security Updates

Wow that’s quite the changelist. Understandable it took a little longer than usual.

Hello
The thing here is from my point of view, OS patching teams are need (and expect) the patches be available in BigFix quickly, it’s very understandable isn’t?

We try to have the patches available ASAP and generally within 24hrs (but not for certain), but it is a lot of work to generate all the content and test it, especially given the unusually large number of patches this week.

We do apologize for the delay.

I don’t know how feasible it is, but would you rather patches be published in batches or all at once in the case of unusually large sets of patches?

From my perspective, all at once even if it takes a little longer.

Batches could potentially be faster if you do them by OS, but not everyone does baselines by OS, for example, and even then who knows who will complain because “the most important one” was left for last.

Sorry to say, but I think this is a lose-lose scenario where you’re not going to be able to please everyone; we manage with the current situation because we’ve made a process around it that has some leeway to it, so from our perspective no change is necessary.

I see a lot have come through… mostly for Windows 7 and Server (unless Win 10 updates are there but just aren’t relevant). Any idea how many more are coming?

Thanks for your work on this as well.

May be a good idea, e.g. This time, OS patching teams were asking for one or two specific patches, this is the most critical, guess if they get at least the critical ones would be a little less uncertainty.

All at once would be my preference. Batches has its attraction, but that pales somewhat when you consider the revisits to baselines as new content arrives.

Some early indication that things are delayed would be welcome, especially if some ETA could be given. I could then get on with something a bit more productive than looking to see if the latest patches have arrived.

This might be a little off-topic, but in most cases are people pushing patches within a day or two of release? Or just Critical Security patches?

For the ‘patch Tuesday’ content, we run a small scale test then pilot asap, wait a few days to watch feedback on the internet and get our own feedback, then start a phased roll out.