Applies to:
Windows 8.1/Windows 2012 R2
Windows 8/Windows 2012
Windows 7 SP1/Windows 2008 R2 SP1
Windows Vista/Windows 2008
Does not apply to:
Windows 10 1803 ((tbd))
Windows 10 1709 (Fall Creators update)
Windows 10 1703 (Creators update)
Windows 10 1607 (Anniversary update) / Windows Server 2016
Windows 10 1511 (November update)
Windows 10 1507 (RTM)
I was on-site this year (2018) and I had heard the following:
"We don’t always install hotfixes; We install hotfixes if that specific problem is experienced in the environment. Security and Critical patches take precedence and, in the case of servers, are usually the only update classification we install. KBxxxxxx is entirely optional and doesn’t show up in the WSUS catalog, another reason why we never caught wind of it."
Regarding item #1: "We install hotfixes if that specific problem is experienced in the environment".
Answer #1: The truth is, you probably have the issue, and just haven’t gotten to it. It requires a lot of time investment by using advanced tools such as Sysinternals/ETL tracing (WPRUI/WPR/Xperf), WinDbg (or DebugDiag)/Message Analyzer (or Wireshark or Netmon) and other logs. Or you are understaffed and are not able to take the time to fix the issue.
A lot of companies just end-up rebooting the system or rebuilding the system(s).
Regarding item #2: "Security and Critical patches take precedence and, in the case of servers, are usually the only update classification we install."
Answer #2: Probably the reason that your servers are not 'stable'.
Recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters
Recommended hotfixes and updates for Windows Server 2012-based failover clusters
Recommended hotfixes and updates for Windows Server 2008 R2 SP1 Failover Clusters
Recommended hotfixes for Windows Server 2008-based server clusters
List of currently available hotfixes for the File Services technologies in Windows Server 2012 and in Windows Server 2012 R2
List of Domain Controller Related Hotfixes Post RTM for Windows 8.1 and Windows Server 2012 R2 (Part 2)
etc...
Regarding item #3: KBxxxxxx is entirely optional and doesn’t show up in the WSUS catalog
Answer #3: Yes, and hopefully you were getting the RSS hotfixes for the most recent non-security hotfixes
Most recent hotfixes RSS feed.
https://blogs.technet.microsoft.com/yongrhee/2013/06/27/most-recent-hotfixes-rss-feed/
For example, if there was a "Service Pack 3" for Windows 7 SP1 and Windows Server 2008 R2 SP1, would you have not installed it?
“Enterprise” Convenience Rollup Update II (2) for Windows 7 SP1 and Windows Server 2008 R2 SP1
All of that lead to:
Further simplifying servicing models for Windows 7 and Windows 8.1
More on Windows 7 and Windows 8.1 servicing changes
Regarding item #4: But the KB article has the following statement:
"A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem."
Answer #4: It's a 'boiler' template. A lot of times, the same binary has been updated multiple times.
Let me give you a real world example. A Premier opened a case due to their server bugchecking (a.k.a. BSOD), they got a non-security update created for them. The company was big enough and segmented enough, that their peers opened 11 more cases with the same bugcheck and the fix was the same. So why wouldn't you have deployed it to all the server in the environment?
Q: How do I roll these fixes out?
A: Like you would have done in the past when you were doing a “Service Pack”. Target the IT folks first. Then try a few of your power users in each department in your company. Never have your C-Level executives test, unless you want to spend time working on executive escalations. And then continued with the phased deployment.
[Solution]
In Windows 10 and Windows Server 2016 and newer, that is why Windows As A Service (WaaS) is there.
You get all the "Security updates" and "Non-security update" via the cumulative rollup.
Overview of Windows as a service
https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview
Quick guide to Windows as a service
https://docs.microsoft.com/en-us/windows/deployment/update/waas-quick-start
from TechNet Blogs http://ift.tt/2HsiWBy
via IFTTT
No comments: