locked
Which update classifications should i use and how am i sure it doesn't change functionality RRS feed

  • Question

  • Hi, We update our Windows clients every month, but we only apply Security updates.

    I would like to convince my management to apply also the Critical updates to our Windows clients on a monthly basis, even de not Critical windows update.

    The management doesn't want me to patch the Windows clients because they are afraid a windows update could break a home made business application. They are convinced that there is an official statement from Microsoft that states that security updates never make functional changes and therefore can't break anything.

    Now they ask me to proof that Critical updates en non critical updates won't make functional changes to the Windows client.

    Is their such an official document out there?

    This is the closest i get: 

    support.microsoft.com/en-us/kb/824684

    Feature pack (New product functionality) ... -> so the other categories won't have functional changes... = assumption.

    Monday, August 17, 2015 12:51 PM

Answers

  • generally that's what I've heard, feature packs and service packs. update rollups are also another one, for example IE11 was released through update rollups and that's a major change if it upgrades the browser on all the clients. I also believe new versions of .net framework come through update rollups but if your app is not using .net then it won't be noticeable

    I think the safest categories are critical updates and security updates. then maybe the updates category.

    the fact is all of this won't help you, even a note from Microsoft.  if you update al the clients using the desired WSUS classifications and the in-house app breaks, it's still your problem to solve.

    the best thing you can do is create an isolated setup and update a client system using all the update categories you want and see if the application continues to work. if it does then you can tell management it's been tested up to this point. that's really the only way you can be sure

    you will have to test it every month when new updates come out but that's how most organizations operate. they do development testing with the new patches and if nothing breaks they roll it out into production. if you're just worried about one app, it's not that much work

    • Marked as answer by PatrickIVB Wednesday, August 19, 2015 11:30 AM
    Monday, August 17, 2015 7:11 PM

All replies

  • generally that's what I've heard, feature packs and service packs. update rollups are also another one, for example IE11 was released through update rollups and that's a major change if it upgrades the browser on all the clients. I also believe new versions of .net framework come through update rollups but if your app is not using .net then it won't be noticeable

    I think the safest categories are critical updates and security updates. then maybe the updates category.

    the fact is all of this won't help you, even a note from Microsoft.  if you update al the clients using the desired WSUS classifications and the in-house app breaks, it's still your problem to solve.

    the best thing you can do is create an isolated setup and update a client system using all the update categories you want and see if the application continues to work. if it does then you can tell management it's been tested up to this point. that's really the only way you can be sure

    you will have to test it every month when new updates come out but that's how most organizations operate. they do development testing with the new patches and if nothing breaks they roll it out into production. if you're just worried about one app, it's not that much work

    • Marked as answer by PatrickIVB Wednesday, August 19, 2015 11:30 AM
    Monday, August 17, 2015 7:11 PM
  • Thank you Armin for your reply.
    Wednesday, August 19, 2015 11:30 AM