Microsoft’s new patching policy may be an IT pro’s nightmare

As of the latest Patch Tuesday, Microsoft has done away with letting PC and business users decide which patches they want to download. 

Instead, users will have to install most Windows patches as a group. That can cause real headaches for users as:

  • holding off on patches for notoriously difficult or buggy systems will no longer be an option
  • patching critical systems while waiting for less critical ones won’t work, and
  • if a patch causes trouble, the only option will be to remove the entire thing rather than just the part that was broken.

There was warning

This policy isn’t entirely a surprise: Microsoft had announced it earlier this year and published a reminder in August, as Brian Krebs points out.

But that doesn’t mean it won’t catch some off guard. There have been plenty of instances of Microsoft changing and streamlining its policies on patches and security updates since the debut of Windows 10.

And many of these new policies haven’t exactly been welcomed by IT pros, especially given the complexity of managing patches and the piecemeal ways most companies have to deal with them.

Still important

One thing’s for sure: Updating as quickly as possible and feasible remains the best policy.

Look no further than the most recent patch which included at least five patches for dreaded zero-day vulnerabilities.

It may be time to reevaluate your organization’s patching methods and policies, however, to deal with this new reality of an inflexible timeline.