Microsoft Bids to Give IT Admins More Control With Patch Updates

Microsoft has announced major changes to the way it will release patches going forward, claiming they will offer quicker access, improved control over deployment and reduced management costs.

Windows Update for Business will arrive with the forthcoming Windows 10 operating system.

It’s been designed to offer three major improvements over the existing update mechanism for enterprises, Microsoft’s executive vice president of operating systems, Terry Myerson, wrote in a blog post.

The first, “distribution rings”, will enable IT admins to decide which devices to roll patches out to first and which should come later after any “kinks” have been worked out.

The next, “maintenance windows”, allows IT teams to specify timeframes when patches should and should not be applied – to ensure a smoother security upgrade process.

Finally, “peer to peer delivery” has been designed so that IT can more easily roll out patches to branch offices and remote sites which may have limited bandwidth.

The new system will still integrate with System Center and Enterprise Mobility Suite, Myerson added.

It should be noted that home users will be treated rather differently. Microsoft will effectively do away with Patch Tuesday and move them onto a 24/7 update cycle, which could reduce their vulnerability window significantly.

This could also be useful for businesses, as they can wait to see what problems, if any, have been encountered by consumers from the new updates and respond accordingly.

Shavlik product manager, Chris Goettl, argued that the changes will provide a “strong set of features to enable companies to improve on their update process.”

“We have always recommended organizations have certain groups of users adopt updates immediately upon release. Remote users and laptop users (the road warriors) would be good groups to put in the faster-moving branches,” he added.

“On-premise machines that have multiple layers of defense could remain on long-term service branches and keep more to monthly maintenance schedules, but we would still urge customers to move any end-user machine to more aggressive update schedules. We recommend weekly updates as the number of third-party releases throughout the month are quite high and include a lot of security-related updates.”

Clearswift SVP of products, Guy Bunker, welcomed the changes, with the caveat that they will only take effect for Windows 10 users.

“Many organisations won’t upgrade until the next hardware refresh which may be a few years away, so the existing problem with upgrades and patching will continue. However, moving forwards I do believe that this initiative will make life easier,” he told Infosecurity.

“It would be good to see other application vendors integrating with the initiative – if the IT department is going to segment users and devices, then it would be great if other application updates could also be rolled out in a similar fashion.”

Bunker added that patching is only effective as part of a comprehensive security strategy incorporating data loss prevention and other elements.

“The old adage of security in depth still applies come what may – whether you use the new Windows Update service or not,” he argued.
