Microsoft has recently updated their decades-old standard patching process, which amounts to what some have called a “seismic” shift in the process. Now, windows patches will be deployed in a cumulative patch, without giving users the option to select and choose (or reject) individual patches throughout the process. This changes how end users, MSPs as well as software vendors and partners approach patching, leaving the entire channel to reassess their internal processes as a result of this shift.
However, there are numerous reasons and benefits for the change. Recently, Continuum Senior Product Manager Nico Dard was a guest on MSP Radio, where he discussed some of the changes, and how to handle them. Nico explains the two major reasons for the change: ease of use moving forward, and most importantly, security.
“Nico Dard: So one thing [Microsoft] knows, because they track all the computers, they know exactly which patches have been released and which patches have been deployed, and they know that some patches are not deployed everywhere, for X or Y reason. And that’s mostly because people are afraid of deploying them, or of the impact. But something that everyone has to know is that more than 80% of security breaches are usually due to a software vulnerability that has not been patched. So Microsoft knows that. And what they want to do is make sure that all those old patches are deployed.
[Microsoft] understands that patching is a nightmare. Patching is complicated. It is disruptive. What they want to do is make it as easy as possible because if you look at the long term, if you look at the long run, at one point, the only thing you're gonna have to do is install one patch, and your computer is up to date.
So the days of setting up Windows 7 and then launching Windows update and having it reboot seven times, and it...you know…. We went through that. It takes a whole day just to get a computer up to date. Those days will be gone, in a year. A year down from now, it's gonna be [entirely] gone. All you're gonna do is click once, gonna install that one big roll-up patch. You can reboot once, and your computer will be up to date. They are definitely addressing that usability issue.
Nate Teplow: Yeah, absolutely. I think that's an important distinction too, is that I'm sure there's some friction here in the next, maybe let's say, six to twelve months. But as we start getting more standardized software out there, it's gonna make this update process a lot easier.”
Continuum has created a patching best practices guide for its partners, which is available here. We've taken a look at all the different policies we have across our end points, analyzed which policies are set up that ensure a higher patching success rate and summarized that information into an easy to use guide. You can easily access the link at Continuum.net/podcast.
To hear the rest of the conversation, listen in the player below, and be sure to subscribe to the Continuum Podcast Network for more important information, interviews, opinions and perspectives on the MSP industry, as well as plenty of tips on how to grow your business!