Seeing how they took two weeks to address the March KB that broke a lot of things… this is very concerning. We’re supposed to be testing patches NOW and releasing patches to the company this coming Monday.
SCCM/WSUS has it’s issues, but from a compliancy/security standpoint, it’s hard to continue fighting for BigFix in my agency. If my managers ask where patches are, knowing Windows Patch Software has them, and I have nothing? I can’t disagree when they say “rip this out, we’re going with something that ‘just works’”.
I’m fighting for this thing, but it’s a losing battle.
Just as there are contractual obligations that have to be met and if not, then clauses start to activate where real dollars are lost, so should we hold IBM accountable for not releasing by a certain time after MS release. Loss of dollars is where the pain is really felt.
Our goal for Microsoft Patch content is to publish the updates within 24 hours of the Patch Tuesday release, and we generally have content available well within that timeframe.
The latest batch is much larger than normal but we are still on target to have these posted in the next 2 hours.
Hello
The thing here is from my point of view, OS patching teams are need (and expect) the patches be available in BigFix quickly, it’s very understandable isn’t?
We try to have the patches available ASAP and generally within 24hrs (but not for certain), but it is a lot of work to generate all the content and test it, especially given the unusually large number of patches this week.
From my perspective, all at once even if it takes a little longer.
Batches could potentially be faster if you do them by OS, but not everyone does baselines by OS, for example, and even then who knows who will complain because “the most important one” was left for last.
Sorry to say, but I think this is a lose-lose scenario where you’re not going to be able to please everyone; we manage with the current situation because we’ve made a process around it that has some leeway to it, so from our perspective no change is necessary.
I see a lot have come through… mostly for Windows 7 and Server (unless Win 10 updates are there but just aren’t relevant). Any idea how many more are coming?
May be a good idea, e.g. This time, OS patching teams were asking for one or two specific patches, this is the most critical, guess if they get at least the critical ones would be a little less uncertainty.
All at once would be my preference. Batches has its attraction, but that pales somewhat when you consider the revisits to baselines as new content arrives.
Some early indication that things are delayed would be welcome, especially if some ETA could be given. I could then get on with something a bit more productive than looking to see if the latest patches have arrived.
For the ‘patch Tuesday’ content, we run a small scale test then pilot asap, wait a few days to watch feedback on the internet and get our own feedback, then start a phased roll out.