
jlgaddis | 3 years ago

If they're just now patching it, I kinda feel like they deserve to spend their weekend patching Windows boxes.

> This bug was patched by Microsoft in June 2022 ...


technion|3 years ago

Just got some background here, the May 10th update literally broke the ability for many people to log on to a domain. It was extremely broken and businesses that deployed it suffered heavily. The June 14th fix being discussed here in turn broke many backup products in ways people are still trying to understand. Edit: The June 14th update being discussed here also broke Wi-Fi hotspot and RRAS services, the latter being relevant to servers.

So most Windows server admins are quite acceptably delayed in deploying updates. Most standards and policies give an organisation 30 or 60 days to apply a security update outside of a particularly critical issue, and in most cases that's considered appropriate risk management. In this case I don't understand why this is news; there were many CVEs fixed this month but I've generally assessed these as being very low exposure and no reason to panic. For example, across our whole fleet it took a few minutes to test for the NFS service being installed anywhere and I've found it in zero places.

We don't have the Linux luxury of running an "update Apache" command and getting an update that fixed one CVE; every update is a major cumulative update with its own brokenness and test cycles. Remember at one point Microsoft released an update which broke port binding, and every network service including their own SQL and SMTP servers stopped functioning. That update was rated a critical security fix.

The (edit) July 12th update is the first proper fix for the Follina vulnerability, which is now months old. That really should be what people are testing and targeting for rollout.

hyperman1|3 years ago

I wonder who Microsoft sees as Windows customers today.

Not the consumer. There are plenty of anti-consumer features in there. Spontaneous reboots for patching, fire risks be damned. Privacy nightmare. Forced Microsoft account. DRM.

Not the enterprise. Required manual patch validation. Complexity of upgrade rollouts. Neverending random breakage. Retraining for random vanity UI changes.

All of the above are fixable by listening to the customer and doing the necessary work, and not doing change for the sake of change.

imperialdrive|3 years ago

You may have it backwards because in real life patching too soon can be equally risky, specifically with Microsoft products.

nibbleshifter|3 years ago

Rolling out MS patches without a good testing period is a great way to suffer downtime in prod.

They somehow manage to ship catastrophically everything breaking shit extremely regularly.

a2tech|3 years ago

[deleted]

intern4tional|3 years ago

It's only for NFS and not NTFS and only in v4 of NFS at that. Most systems will not need any action and those that do are unique enough that they should be patched regularly in the first place.

aliswe|3 years ago

Disaster is often just one patch away.