22 days of security

Recently Microsoft paused the release of the Windows 10 fall release due to some data loss bugs.  This is just the latest of the patching quality issues that leave me concerned.

Ed Bott and Mary Jo Foley added to the choir of voices asking Microsoft to slow down and focus on quality, not quantity.  I remember a time years ago when patches came out at any time, any hour, and I had to review whether I was at risk of attack and consider installing updates during lunchtime and rebooting our office server to ensure that I was protected.  Now we are at a point in time where no prudent person alive would install updates on the day they come out.  Even worse, most prudent folks are waiting at least a week or longer.  That’s making me very paranoid that we are going to have a very bad security issue arise because we aren’t patching.

In patching, there is a point in time where the risk of installing the patch and the resulting side effects is less than the risk of the attack that the patch is protecting you from.  It’s that point in the middle, where the scale tips away from patch pain to risk of attack, that is the perfect point for installing updates.  Microsoft tries to be the system administrator for all home users and any small (or even medium) business that is looking to Microsoft Update for their updates.

As we come up to the 15-year anniversary of when Microsoft moved to a second-Tuesday security patch release, I honestly feel that patches have less quality than before.  It’s time for Microsoft to slow down the feature release process and focus on quality, not quantity.