ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    windows server updates: critical/cumulative/security

    IT Discussion
    hyper-v 2016 windows updates best practices
    3
    3
    835
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • matteo nunziati
      matteo nunziati last edited by

      ok,

      I'm still confused about the terminology. Please, can you confirm and/or fix my interpretation?

      1. critical: not a security fix, but something seriously broken is fixed here.
      2. security: a security fix, something seriously broken is fixed here and a security hole is closed.
      3. cumulative: just use this if you have missed a lot of stuff and you have a long queue updates otherwise. Download this bulk huge fatty thing and align with upstream.
      4. all other types... really too many types here, do they really worth?

      Now the second question.

      Having an hyperv server 2016 should I need to install critical fixes? I mean: if I do not notice any misfunction should I patch? to me it is right to patch as you never know when a critical bug will hit your usage.

      Also, as a general rule I patch manually and I always require recommended updates only. Then I choose what to install.

      any opinion/correction/suggestion?!

      thank you.

      1 Reply Last reply Reply Quote 0
      • zachary715
        zachary715 last edited by

        From https://blogs.technet.microsoft.com/dubaisec/2016/01/28/windows-update-categories/

        0_1507559147608_e656b0c4-99ea-4ffa-b522-89dd68d95887-image.png

        Pretty much all updates are now cumulative. The security or critical part is just simply how it's classified.

        In regards to your second question, my line of thinking would be to see what the non-security critical issue is that the patch is resolving. Are you seeing the issue yourself? If yes, patch immediately. If no, give it a week or two and let others patch first to ensure it doesn't break anything else. If all looks clear, apply in during your next scheduled patch cycle.

        Obsolesce 1 Reply Last reply Reply Quote 0
        • Obsolesce
          Obsolesce @zachary715 last edited by Obsolesce

          @matteo-nunziati said in windows server updates: critical/cumulative/security:

          ok,

          I'm still confused about the terminology. Please, can you confirm and/or fix my interpretation?

          1. critical: not a security fix, but something seriously broken is fixed here.
          2. security: a security fix, something seriously broken is fixed here and a security hole is closed.
          3. cumulative: just use this if you have missed a lot of stuff and you have a long queue updates otherwise. Download this bulk huge fatty thing and align with upstream.
          4. all other types... really too many types here, do they really worth?

          Now the second question.

          Having an hyperv server 2016 should I need to install critical fixes? I mean: if I do not notice any misfunction should I patch? to me it is right to patch as you never know when a critical bug will hit your usage.

          Also, as a general rule I patch manually and I always require recommended updates only. Then I choose what to install.

          any opinion/correction/suggestion?!

          thank you.

          I do at least Critical, security, and definition updates to all servers, hypervisors included.
          For Windows10 desktops, I do everything.

          But I do it all through WSUS.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post