0

For some of our production systems we like to wait a few weeks to apply updates so that they've "baked" in the public a bit. We then wait a little longer after before patching backup systems lest we have issues in production with the patches. However, since Microsoft has moved to the cumulative update model, we run the risk of having those backup systems only show the next round of cumulative updates (since more than a month had passed) when what we really want is to install the prior month's. How is that possible? How do others manage this schedule without being forced to aggressively release patches?

DuncanMack

2 Answers

1

Cumulative updates are cumulative, meaning "containing all previous updates." There's no danger of your missing out on updates.

Additionally, Update Rollups and Monthly Rollup updates are also cumulative.

https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro

joeqwerty
  • To clarify, I'm not concerned about missing out on updates; I'm concerned about our backup environment getting ahead of updates deployed to production (e.g. July cumulative updates are in production because they're installed at the end of July...but spinning up one of our DR environments and applying patches in August would require installing August's cumulative update rather than July's). – DuncanMack Aug 09 '17 at 17:33
  • Ah, I gotcha. Understood now. – joeqwerty Aug 09 '17 at 21:25
0

I'm reasonably certain that the only way to mitigate this will be to use WSUS, System Center, or some other sort of patch management automation. You'll need to create at least one separate group for Servers, then use whatever system you choose to deploy the patches that you want.

WSUS has no additional licensing, so at the very least you'll be able to test this without any purchase, just time.

CC.
  • Thanks, I'll explore those options. I started to install WSUS but saw that it wants to install an IIS site which felt overblown and unnecessary on an existing web server. I'll explore the other options mentioned. – DuncanMack Aug 09 '17 at 17:34
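
One way to hold a DR group on the rollup that production already runs, using the WSUS `UpdateServices` PowerShell cmdlets. This is an added example, not part of either answer: the group name and KB number are placeholders, and it assumes the DR machines are already assigned to that group and that no automatic approval rule targets it.

```powershell
# Added example: run on the WSUS server, where the UpdateServices module is installed.
$DrGroup  = 'DR-Servers'   # assumed group name, not from the page
$PinnedKb = '0000000'      # placeholder: KB number of the rollup already in production

$wsus = Get-WsusServer

# Create the DR computer group once if it does not exist yet.
$group = $wsus.GetComputerTargetGroups() | Where-Object Name -eq $DrGroup
if (-not $group) {
    $group = $wsus.CreateComputerTargetGroup($DrGroup)
}

# Look the rollup up by KB number. One KB usually maps to several catalogue
# entries (one per OS version and architecture), so expect more than one hit.
# AnyExceptDeclined keeps it visible even after a newer rollup supersedes it.
$pinned = Get-WsusUpdate -UpdateServer $wsus -Classification All `
              -Approval AnyExceptDeclined -Status Any |
          Where-Object { $_.Update.KnowledgebaseArticles -contains $PinnedKb }

if (-not $pinned) {
    throw "KB$PinnedKb was not found on this WSUS server; synchronise and retry."
}

# Approve the pinned rollup for the DR group only. Newer rollups stay
# unapproved for this group until they are approved explicitly.
$pinned | Approve-WsusUpdate -Action Install -TargetGroupName $DrGroup

# Check: list what is now approved for the DR group for each matching entry.
foreach ($u in $pinned) {
    $u.Update.GetUpdateApprovals($group) |
        Select-Object @{ n = 'Title'; e = { $u.Update.Title } }, Action, CreationDate
}
```

When the next month's rollup has been accepted in production, change `$PinnedKb` and run the script again to move the DR group forward by one release.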