Have you ever been told to be careful what you wish for because you might get it? There are many places where this phrase might be appropriate, including Microsoft Update, the umbrella brand for the automatic update system that Microsoft uses to push out fixes for its software.
Don’t get me wrong: Microsoft Update and its predecessor, Windows Update, perform a valuable function by collecting all the updates for a given combination of Microsoft products in one easy place. For example, when I use Microsoft Update on my Microsoft Office Communications Server (OCS) 2007 server, it shows me updates for OCS 2007 as well as Windows Server 2003 and SQL Server 2005, which I have on the same system, all in a single update system. I can review and choose updates to install for all the Microsoft server products at one time instead of going to different places for each server. Windows Software Update Services (WSUS), an optional component you can install on your Windows servers, lets you pull new updates automatically from Microsoft Update, stage them, and distribute them to servers and clients in your organization. All of this is made possible by the Background Internet Transfer Service, an efficient HTTP-based transfer tool that uses idle time, and idle bandwidth, to transfer updates.
You might think that given this arsenal of tools, update and patch management is a simple set-and-forget operation. For small, single-server operations, this might be true, but larger organizations typically have more complex policies that require them to download patches, apply them to a set of test machines, and verify that the updates don’t break anything before distributing them more broadly. The overhead required for doing this kind of testing is a key reason why Microsoft now issues security updates on a predictable schedule; that predictability lets the rest of us plan for the orderly distribution of security updates.
As I write this, Microsoft has just released Update Rollup 4 (RU4) for Exchange Server 2007 SP1. Like other Exchange rollups, RU4 combines the contents of the previous rollup, RU3, with the hotfixes that have been released since RU3 became available. However, RU4 is a little unusual because this is actually its second release. An earlier version was accidentally released on September 9 through Microsoft Update, so Exchange administrators who had automatic updates enabled got the broken rollup—which in turn led to broken Exchange servers.
The moral of this story is pretty clear: You probably shouldn’t enable completely automatic updates on your critical servers. Based on the traffic I saw on mailing lists and newsgroups after the broken RU4 release (and the fact that the Exchange team felt it necessary to blog about the incident), my guess is that a surprisingly large number of us had automatic updates in MU turned on.
The ability to automatically apply security and performance fixes to computers is a fundamentally useful one; I use it on my home clients and recommend (OK, actually, enforce is a better word) it for family members whose computers I support. However, in the enterprise it doesn’t make sense to let updates roll directly to production server systems without any vetting or checking. Before we hit the end of daylight saving time (DST) in North America, you might want to check your automatic update settings, just in case.
End of Article
just a quick correction...it is the Background INTELLIGENT Transfer Service, not internet as listed
pajama October 09, 2008 (Article Rating: )
Thanks for the correction, pajama-- you're 100% right. Sorry about the mistake.
Microsoft on Tuesday announced the availability of the Beta 2 version of Service Pack 2 (SP2) for Windows Vista and Windows Server 2008. Since both operating systems were developed from the same code base, they have a common servicing structure and thus ...
Order Your Fundamentals CD Today! Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.
Implement a Successful Archiving Solution View this web seminar to learn the best practices for creating an email archive that is secure, compliant, and searchable.
Protect Your Company’s Digital Assets Do you know the risks of sending important files over email or FTP? Read this white paper to learn what you can do to safeguard your company’s data.
Prepare Yourself for Exchange Catastrophe Read this white paper to learn how you can keep Exchange server healthy, as well as predict and respond to server failure.
Boost Customer Confidence and Satisfaction Read this eBook to learn how faxing can ease communication with less computer-savvy customers while reducing your security, compliance and support woes.
)
Register
pajama October 09, 2008 (Article Rating: