Discussion in 'Business & Enterprise Computing' started by PabloEscobar, Dec 11, 2014.
That's been happening for a long time (from time to time that is).
I have come across it once or twice, it does not seem to be any particular update that does it and it seems to just go away.
Just blame the gremlins
Coming up to D-Day...
More info here, which does a little bit to allay my concerns
Firstly, they are pushing a "Security-Only Quality Update" that does NOT appear to be cumulative. So systems that have declined updates (for reasons) aren't going to crash and burn.
Secondly, the Cumulative Updates (Monthly Quality Rollup) won't start filling out until the start of 2017, and won't be complete for several months.
.Net has its own Rollup patches, not included in the above.
i like that i don't have to change my ADR's in sccm.
i only push critical and security patches from there.
i will be watching it like a hawk though.
i can't understand why they're having security updates and non security updates in the one release.
why don't they have a security rollup and a non security rollup?
why mix the two?
If you approve Security, then you will be approving both, which looks like it will lead the situation mentioned partway down (depending on what order they get installed in).
Security Rollup is avaialble only via WSUS channels.
Security + Updates rollup is available via Normal Windows Update.
I guess it would have been to much work to break out Updates Rollup and make both available via all channels.
well then maybe i should re-asses my ADR's.
they download critical and security classification, so they will download both security-only and monthly rollup because they're both "security" classification right?
i don't think it's going to matter too much if i leave my ADR's to just grab them both, but if it goes pair shaped i could change my ADR to search for "Security Only Quality Update" instead, but how long do you reckon it will be before they start dicking around with the title of the patches?
if i'm following this correctly, the monthly preview rollup (week C) won't download via my ADR because it has the "updates" classification, but the following month the fixes released will be moved into the monthly rollup (which has the "security" classification) and will then come down via my ADR.
Thats my understanding, yes
It depends on what you want , Unexpected things might happen if you deploy both though I'll just be approving the Security Only ones I think... I hope they do dick around with them.
security-only quality update
security monthly quality rollup
preview of the monthly quality rollup
Are pants-on-head names.
Monthly - Security Updates
Cumulative - All Updates
Cumulative - Preview Updates
make more sense
Yep, so if you don't want any 'updates' then you need to not approve the "security monthly quality rollup"
which is why i'm questioning the decision to mix security and non-security fixes into the one patch.
i'm sure they could quite easily release them as:
"Security" - contains cumulative security updates
"Updates" - contains cumulative non-security updates
"Preview" - contains a preview of "Updates"
if they wanted they could have a preview of security updates as well.
they talk about using rings to roll the updates out, surely having 4 releases consisting of 1 x security, 1 x non-security and a preview of each would make that a much simpler task.
updates released in previews that are found to be bad can be fixed or removed before going out in the following month's patch.
Previews of Security would tip their hand to soon and allow nefarious types to focus on bugs that they *know* exist. Everyone would be forced to run on the Preview ring for security, or be at increased risk.
Still can't see why they have to mix security and non security fixes though.
Simplifies distribution to the unwashed masses.
Now, home users either have "the October update" or don't.
Out of interest, what's the percentage of unwashed home PC's compared to Business licenses?
I know this has been often stated in the rant thread, but it appears MS strategy of chasing iOS market share (and the cumulative update model that appears to be tied to it) will eventually erode their conservative, risk adverse and slow moving base.
looks like we've received our first groups of updates on our WSUS server at work, but the naming is a bit confusing...
For each server / workstation OS we have updates for we have October 2016 security monthly quality rollup and October 2016 security only quality update...
we normally just do security updates on servers, if we just want updates and no extra things which update should we be using, i'm guessing the security only one but can someone confirm?
correct. security only.
What have people been doing, and hows it been going?
Plan here I think will be
Quality Updates unless something is broken in them, with a fallback position of Security Only.
Once the Preview Update is fully cumulative, we'll start a mini-project to bring everything up to that level.
handy dandy patch info page - https://onedrive.live.com/view.aspx?resid=C756C44362CD94AD!2257
http://patchchart.com/ is easier to remember .
So far so good, My house hasn't burnt down, and none of my goats have been impregnated by the October monthly patch... Maintenance window for important servers is Saturday though.
OK. Cool. You're all scheduled to impregnate some goats on Saturday.
Dear god! Just found a rather nasty one.
Applied some Server 2012 R2 updates tonight on Hyper-V VMs one of which is running Exchange 2013
On reboot the vm hangs for ages on "Getting windows ready, Do not turn off"
Seems related to this KB3063109
Just starting in Safe Mode with Networking now to rollback the updates and see if it recovers.
Edit: Took two restarts to safe mode (first one restarted before a login screen) but it finally got me a Safe mode desktop, then I could restart again and start normally, and the KB was gone and system functional again.