From what information is available:
- There are no more individual patches.
- Each rollup contains a number of 'fixes'.
- You cannot install/uninstall the fixes individually.
- Each rollup is two KBs - one for the security only, the other for security+other fixes.
- Each rollup is cumulative - May's rollup has all the fixes from April.
In BSA you should just see two KBs for the month - and be able to analyze for each and then deploy. If you deploy only the security path, the security+other will show as missing.
Thanks for the link Bill. I had searched but didn't come across it. Good to know. It's going to be quite the culture shift not being able to "exclude" a certain patch (from our customer end) - but good to know we shouldn't have to worry about getting the patches available for use.
You can still exclude a patch, it just means you won’t get the entire rollup ☺
And that also means you can’t apply any future rollups until whatever problem is fixed. For home users it won’t matter, but this seems like a huge issue for the enterprise environment. I’ve seen various threads on Microsoft’s community voicing concerns about this and the lack of clarity around the details like skipping certain fixes, etc.
Cody, I'm hoping to speak with an MS rep this week to get additional details on the patching process for next month. Also, I have ongoing conversations with Shavlik to make sure there is no impact to our customers using BSA for Windows patching. I'll update the thread once I get more info.
Bill, from the sounds of it, if you exclude patch X, the next month, patch Z will include patch X so it won't matter (so fix your incompatible apps!)
So are we not able to exclude KBs from rollup patches within BSA? Since the following month's rollup will include it? Let me know.
That's correct. There is only one payload deployed.
This is by design from Microsoft - the bundle installs are all or nothing.
FYI - Microsoft patches for Spectre and Meltdown are causing stop errors on "some systems" running Symantec End Point 12, 14 and Malwarebytes.
Microsoft URL and advisory about incompatibility issues:
Alert - "To help prevent stop errors caused by incompatible anti-virus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update. If you have not been offered the security update, you may be running incompatible anti-virus software and you should follow up with your software vendor."
Patch link for Microsoft KB - https://support.microsoft.com/en-us/help/4056897/windows-7-update-kb4056897 and
What are my options for excluding this patch / rollup?