Hello
The thing here is from my point of view, OS patching teams are need (and expect) the patches be available in BigFix quickly, it’s very understandable isn’t?
We try to have the patches available ASAP and generally within 24hrs (but not for certain), but it is a lot of work to generate all the content and test it, especially given the unusually large number of patches this week.
We do apologize for the delay.
2 Likes
I don’t know how feasible it is, but would you rather patches be published in batches or all at once in the case of unusually large sets of patches?
From my perspective, all at once even if it takes a little longer.
Batches could potentially be faster if you do them by OS, but not everyone does baselines by OS, for example, and even then who knows who will complain because “the most important one” was left for last.
Sorry to say, but I think this is a lose-lose scenario where you’re not going to be able to please everyone; we manage with the current situation because we’ve made a process around it that has some leeway to it, so from our perspective no change is necessary.
1 Like
I see a lot have come through… mostly for Windows 7 and Server (unless Win 10 updates are there but just aren’t relevant). Any idea how many more are coming?
Thanks for your work on this as well.
May be a good idea, e.g. This time, OS patching teams were asking for one or two specific patches, this is the most critical, guess if they get at least the critical ones would be a little less uncertainty.
1 Like
All at once would be my preference. Batches has its attraction, but that pales somewhat when you consider the revisits to baselines as new content arrives.
Some early indication that things are delayed would be welcome, especially if some ETA could be given. I could then get on with something a bit more productive than looking to see if the latest patches have arrived.
1 Like
This might be a little off-topic, but in most cases are people pushing patches within a day or two of release? Or just Critical Security patches?
1 Like
For the ‘patch Tuesday’ content, we run a small scale test then pilot asap, wait a few days to watch feedback on the internet and get our own feedback, then start a phased roll out.
3 Likes
Ditto that on ‘moving fast and breaking things’ in a test environment. Any testing the BigFix team does to break (and fix) things before I see the fixlets is much appreciated.
Especially given the track record from Microsoft for the last half-year or so, I regard their patches as ‘in beta testing’ for the first month.
3 Likes
agreed wholeheartedly.
This is my approach as well.
I want to deploy to a small set as fast as possible, but don’t start a phased rollout to everything for at least 48 hours after patch Tuesday.
What about the May Windows Point of Sale fixlets?
We patch our Test Domain (25 servers) the Wednesday following patch Tuesday, and then Non-Production servers on Friday, and Production servers over the weekend.
Initially, I prefer all at once. If production time exceeds 24 hours, I would prefer batches by product area (i.e. Office vs Windows vs Sharepoint vs SQL). If they’re REALLY difficult, then consider breaking it down further into product versions so that something is released.
At 24 hours a statement of current expectations should be made. At 36 hours, something should be released - prioritize any fix for zero-days already seen in the wild (and release separately, if need be!). At 48 hours, a revised status statement. After that, it depends on the situation, but always good communication and some content over no communication and PMR responses of “We’re working on it”.
We’re the customers, but we need the info for OUR customers.
1 Like
I’m curious to know where the timeline came from in this post?
Microsoft releases content at 10AM Pacific time on Patch Tuesday. We had published our content by 9AM the next day. Unfortunately this was a large patch day as already noted but we were within the general 24 hour production time. The announcement was probably a bit behind but the content was there.
2 Likes
It was opinion: arbitrary based on what I see in terms of my needs, and my bosses demanding progress updates across several companies. I don’t see the cumulative update for 1803 yet, which is something we need for our test group due to VPN issues.
BigFix is now supporting patches for Win10 1803.
1 Like
These still appear to be missing:
Security Update for Microsoft Office 2010 (KB4011275) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB4011274) 32-Bit Edition
Still missing the Windows Point of Sale release also; I saw there are POS releases in the “Patches for Windows” forum post, but nothing for Windows POS…