To Patch or Not To Patch

Unless you've been under a rock lately it would be pretty hard to not have seen something related to patching gone wrong on Windows. From DST patches coming out the week of DST to the recent cursor patch which broke various software, life has not been rosey, even if you use those rose colored glasses.

Today was no different as it started with three calls from three different sites all reporting errors and blue screens when they booted their systems. One user reported a blue screen every time they tried to print while another could not even get into their system for all the error messages. Knowing patches came out on Tuesday and it was likely today was the first day any of these systems had gone through a full update and reboot cycle it was pretty easy to see the problem was clearly Windows Patches Gone Wrong.

So I'm not going to go into various fixes or a huge Microsoft rant but rather just bring up the point that do you patch or not? Is it worth it to break your systems on a bi-weekly or monthly basis just in case there is an attack or exploit? What are you telling your customers when you break their networks each month and then charge them to fix it?

It's apparent from some of the comments I am hearing from various Microsoft Partners, including some outspoken MVP's, that blindly patching as patches come out is not something they are going to keep doing. This SBSC has long since refused to patch on Patch Tuesday allowing for others to do the "beta" testing then approving only those updates which pose a real security risk. With my SBSr2 or server less customers however updates have been set to the default however that is about to change starting this week.

For another read on this topic check out this blog:

"So, all up, I have to express my disgust, once again, in Microsoft's mishandling of another patch release. Don't get me started on Windows Server 2003 SP2..."

http://hiltont.blogspot.com/2007/04/microsoft-patch-releases.html