In order to keep track of these incompatibilities, Microsoft added a new compatibility registry key that must be set by an anti-virus vendor in order for Windows Update to continue functioning. They were notified, encouraged to test the fixes, and issue updates accordingly. Early on, when testing security updates, Microsoft noticed that many anti-virus vendors were not compatible with the fixes. With the this year’s news of the Intel vulnerabilities and subsequent patches for Spectre and Meltdown, Microsoft did something very unusual to its update process. Right? What is changing next that we need to be concerned about? This ensures the latest and greatest are always delivered and vulnerabilities are automatically remediated in a timely manner. While enterprises still have the ability to control their own patch schedules, most environments are forced to accept them every month – as one bundle. Recently this has evolved by bundling all of the patches in one distribution versus allowing organizations to select which ones to deploy. In today’s environment, things are changing again and that may no longer be true.īeginning with Windows 10, Microsoft began enforcing automatic patch deployments on its desktop operating system. Hence, spinning off of the old cliché, “a patch in time saved nine.” A single update versus potentially dozens allowed for time savings and an easier patch cycle. For an operating system like Windows XP or Windows 7, this could literally be hundreds of patches – so organizations embraced service packs and cumulative updates to shorten this process and ensure every required patch was applied. In addition, if any patches failed, diagnosing the issue was difficult and could prevent additional dependent updates from being applied as well. If you think back only about 10 years ago, Microsoft Windows Update was a part of Internet Explorer and you had to run it over and over, reboot in between, and patiently wait for each patch to download and install until the asset was up-to-date.
0 kommentar(er)
