locked
Compute instance security patching RRS feed

  • Question

  • One of the advantages of Azure is that Microsoft keeps the Windows installations patched up for us. Is that a completely automated process? Or is there anything that I can or should be doing to help? 

    For example, the most recent Patch Tuesday release had a critical security fix in it. Is that automatically applied to all my VMs now? Would it be desirable for me to reimage my VMs, or redeploy them from scratch?

    Wednesday, March 14, 2012 3:38 PM

Answers

  • Hi Brian,

    I think the critical security fix might have been applied a few hours ago (one of my services with 1 instance has been rebooted). If you look at the Guest OS updates, you can see that there has been a new release yesterday (including this critical security fix):

    Windows Azure Guest OS 2.9 (Release 201112-03)

    You can follow the release of new OS versions here: http://msdn.microsoft.com/en-us/library/ee924680.aspx  

    On the MSDN page you can see that it can take several days for the new Guest OS to fully propagate across Windows Azure:

    When a new release of the Windows Azure Guest OS is published, it can take several days for it to fully propagate across Windows Azure. If your service is configured for auto-upgrade, it will be upgraded sometime after the release date, and you’ll see the new guest OS version listed for your service. If you are upgrading your service manually, the new guest OS will be available for you to upgrade your service once the full roll-out of the guest OS to Windows Azure is complete.

    So just to be sure you could choose to re-image the VM.

    Sandrino


    Sandrino Di Mattia | Twitter: http://twitter.com/sandrinodm | Azure Blog: http://fabriccontroller.net/blog | Blog: http://sandrinodimattia.net/blog

    Wednesday, March 14, 2012 3:54 PM

All replies

  • Hi Brian,

    I think the critical security fix might have been applied a few hours ago (one of my services with 1 instance has been rebooted). If you look at the Guest OS updates, you can see that there has been a new release yesterday (including this critical security fix):

    Windows Azure Guest OS 2.9 (Release 201112-03)

    You can follow the release of new OS versions here: http://msdn.microsoft.com/en-us/library/ee924680.aspx  

    On the MSDN page you can see that it can take several days for the new Guest OS to fully propagate across Windows Azure:

    When a new release of the Windows Azure Guest OS is published, it can take several days for it to fully propagate across Windows Azure. If your service is configured for auto-upgrade, it will be upgraded sometime after the release date, and you’ll see the new guest OS version listed for your service. If you are upgrading your service manually, the new guest OS will be available for you to upgrade your service once the full roll-out of the guest OS to Windows Azure is complete.

    So just to be sure you could choose to re-image the VM.

    Sandrino


    Sandrino Di Mattia | Twitter: http://twitter.com/sandrinodm | Azure Blog: http://fabriccontroller.net/blog | Blog: http://sandrinodimattia.net/blog

    Wednesday, March 14, 2012 3:54 PM
  • Sandrino,

      That's exactly what I was looking for, thanks! 

      I just looked through my instance (currently 13 roles in 11 hosted services) and all of them were already upgraded to the latest patch level. I did redeploy two of the roles this morning for other reasons, but the other 11 roles must have upgraded on their own at some point. So that's a pretty reasonable speed, at least. 

      I marked this as the answer, but if any Microsoft people would like to comment on the normal upgrade schedule I'd be interested to hear it. 

    Thanks,

    BKR

    Wednesday, March 14, 2012 4:00 PM
  • Thursday, March 15, 2012 3:27 AM