Friday 21 November 2014

Patching Bad: The new reality of systems updates.


I have been chatting with my colleagues about the stability of Microsoft patching over the past few weeks.  Remember the days when Microsoft would ship patches that would break your desktop or server environment? Or, update a critical component to your line of business applications (LOB) such as Microsoft XML (MSMXL) that "dropped" your trading floor?

Well, over the past few years Microsoft has really upped its game and we have seen very few problems. In fact, it looks like most system administrators have been just shipping out the latest Microsoft patches, with very little testing. Maybe a quick loop through the IT department prior to a full-scale deployment. And the number of issues raised,  has (in general) been pretty minimal. When you did a cost analysis of testing each patch or update against an application or workstation build portfolio, it really looked like a detailed testing plan lost out to a "reactive find and fix" strategy after each update.

That thinking may be changing.

Over the past few months, we have seen a number of patches that have caused Blue Screens of Death (BSoD's) and recently a
Microsoft security update (KB2984972) that attempted to resolve a Remote Desktop Protocol (RDP) security vulnerability also broke their Microsoft App-V virtualisation technology. In addition to these issues, Microsoft has also had to re-release (redo) four updates for this past October Patch Tuesday release. 

Some are even calling Microsoft's Patch Tuesday, "Black Tuesday" due to all of the compatibility and retracted patches.

This RDP update left some Microsoft App-V users with a "Loading MyApp 100%" message that stopped any App-V converted application from starting or running correctly. This particular issue has now been resolved by Microsoft with a series of registry fixes. You can find the update here

This bug has been fixed, but Microsoft's patching reputation is now at risk....


References:

Microsoft Sources Registry Edits to Fix KB2984972 Breaking App-V Packages

Four more botched Microsoft patches: KB 3000061, KB 2984972, KB 2949927, KB 2995388

No comments: