Have you ever been told to be careful what you wish for because you might get it? There are many places where this phrase might be appropriate, including Microsoft Update, the umbrella brand for the automatic update system that Microsoft uses to push out fixes for its software.
Don’t get me wrong: Microsoft Update and its predecessor, Windows Update, perform a valuable function by collecting all the updates for a given combination of Microsoft products in one easy place. For example, when I use Microsoft Update on my Microsoft Office Communications Server (OCS) 2007 server, it shows me updates for OCS 2007 as well as Windows Server 2003 and SQL Server 2005, which I have on the same system, all in a single update system. I can review and choose updates to install for all the Microsoft server products at one time instead of going to different places for each server. Windows Software Update Services (WSUS), an optional component you can install on your Windows servers, lets you pull new updates automatically from Microsoft Update, stage them, and distribute them to servers and clients in your organization. All of this is made possible by the Background Internet Transfer Service, an efficient HTTP-based transfer tool that uses idle time, and idle bandwidth, to transfer updates.
You might think that given this arsenal of tools, update and patch management is a simple set-and-forget operation. For small, single-server operations, this might be true, but larger organizations typically have more complex policies that require them to download patches, apply them to a set of test machines, and verify that the updates don’t break anything before distributing them more broadly. The overhead required for doing this kind of testing is a key reason why Microsoft now issues security updates on a predictable schedule; that predictability lets the rest of us plan for the orderly distribution of security updates.
As I write this, Microsoft has just released Update Rollup 4 (RU4) for Exchange Server 2007 SP1. Like other Exchange rollups, RU4 combines the contents of the previous rollup, RU3, with the hotfixes that have been released since RU3 became available. However, RU4 is a little unusual because this is actually its second release. An earlier version was accidentally released on September 9 through Microsoft Update, so Exchange administrators who had automatic updates enabled got the broken rollup—which in turn led to broken Exchange servers.
The moral of this story is pretty clear: You probably shouldn’t enable completely automatic updates on your critical servers. Based on the traffic I saw on mailing lists and newsgroups after the broken RU4 release (and the fact that the Exchange team felt it necessary to blog about the incident), my guess is that a surprisingly large number of us had automatic updates in MU turned on.
The ability to automatically apply security and performance fixes to computers is a fundamentally useful one; I use it on my home clients and recommend (OK, actually, enforce is a better word) it for family members whose computers I support. However, in the enterprise it doesn’t make sense to let updates roll directly to production server systems without any vetting or checking. Before we hit the end of daylight saving time (DST) in North America, you might want to check your automatic update settings, just in case.
End of Article
just a quick correction...it is the Background INTELLIGENT Transfer Service, not internet as listed
pajama October 09, 2008 (Article Rating: )
Thanks for the correction, pajama-- you're 100% right. Sorry about the mistake.
An often irreverent look at some of the week's other news, including a Vista Capable dismissal request, Zune price reductions, Morrow musings, Novell and Microsoft sitting in a tree ... two years later, Yahoo!, IE 6 on Windows Mobile, and so much more ...
Cluster continuous replication and Volume Shadow Copy Service might have made backups unnecessary in Exchange 2007, but will admins feel comfortable without a dedicated backup solution in place? ...
Order Your SQL Fundamentals CD Today! Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.
You've Deployed SharePoint...Now What? This one-day free online conference delivers the technical knowledge needed to kick MOSS up a notch. In one information-packed day, independent SharePoint experts will present practical, real-world information and provide take-away, ready-to-use solutions
What Would You Do If You Ran Microsoft? ITTV's 2008 inaugural video contest, "If I Ran Microsoft..." is your chance to tell it like it is. Be goofy or be serious, but don"t miss this chance to have fun, win prizes, and go viral in a major way.
Maximize Your SharePoint Investment This web seminar discusses how true bi-directional replication of SharePoint content from one server to another enables branch offices to maintain access to current SharePoint content.
)
Register
pajama October 09, 2008 (Article Rating: