Thanks for the information Michael.
2 Likes
has anyone had the fixlets loaded up in BigFix yet?
yes. Try forcing a site gather and then give it some time.
4 Likes
I see that site version 2978 is published. Gathering now
1 Like
For reference, please see the recently posted announcement here: IBM BigFix Patch: Content Released in Patches for Windows - May 2018 Security Updates
2 Likes
Wow that’s quite the changelist. Understandable it took a little longer than usual.
1 Like
Hello
The thing here is from my point of view, OS patching teams are need (and expect) the patches be available in BigFix quickly, it’s very understandable isn’t?
We try to have the patches available ASAP and generally within 24hrs (but not for certain), but it is a lot of work to generate all the content and test it, especially given the unusually large number of patches this week.
We do apologize for the delay.
2 Likes
I don’t know how feasible it is, but would you rather patches be published in batches or all at once in the case of unusually large sets of patches?
From my perspective, all at once even if it takes a little longer.
Batches could potentially be faster if you do them by OS, but not everyone does baselines by OS, for example, and even then who knows who will complain because “the most important one” was left for last.
Sorry to say, but I think this is a lose-lose scenario where you’re not going to be able to please everyone; we manage with the current situation because we’ve made a process around it that has some leeway to it, so from our perspective no change is necessary.
1 Like
I see a lot have come through… mostly for Windows 7 and Server (unless Win 10 updates are there but just aren’t relevant). Any idea how many more are coming?
Thanks for your work on this as well.
May be a good idea, e.g. This time, OS patching teams were asking for one or two specific patches, this is the most critical, guess if they get at least the critical ones would be a little less uncertainty.
1 Like
All at once would be my preference. Batches has its attraction, but that pales somewhat when you consider the revisits to baselines as new content arrives.
Some early indication that things are delayed would be welcome, especially if some ETA could be given. I could then get on with something a bit more productive than looking to see if the latest patches have arrived.
1 Like
This might be a little off-topic, but in most cases are people pushing patches within a day or two of release? Or just Critical Security patches?
1 Like
For the ‘patch Tuesday’ content, we run a small scale test then pilot asap, wait a few days to watch feedback on the internet and get our own feedback, then start a phased roll out.
3 Likes
Ditto that on ‘moving fast and breaking things’ in a test environment. Any testing the BigFix team does to break (and fix) things before I see the fixlets is much appreciated.
Especially given the track record from Microsoft for the last half-year or so, I regard their patches as ‘in beta testing’ for the first month.
3 Likes
agreed wholeheartedly.
This is my approach as well.
I want to deploy to a small set as fast as possible, but don’t start a phased rollout to everything for at least 48 hours after patch Tuesday.
What about the May Windows Point of Sale fixlets?