windows server updates: critical/cumulative/security



  • ok,

    I'm still confused about the terminology. Please, can you confirm and/or fix my interpretation?

    1. critical: not a security fix, but something seriously broken is fixed here.
    2. security: a security fix, something seriously broken is fixed here and a security hole is closed.
    3. cumulative: just use this if you have missed a lot of stuff and you have a long queue updates otherwise. Download this bulk huge fatty thing and align with upstream.
    4. all other types... really too many types here, do they really worth?

    Now the second question.

    Having an hyperv server 2016 should I need to install critical fixes? I mean: if I do not notice any misfunction should I patch? to me it is right to patch as you never know when a critical bug will hit your usage.

    Also, as a general rule I patch manually and I always require recommended updates only. Then I choose what to install.

    any opinion/correction/suggestion?!

    thank you.



  • From https://blogs.technet.microsoft.com/dubaisec/2016/01/28/windows-update-categories/

    0_1507559147608_e656b0c4-99ea-4ffa-b522-89dd68d95887-image.png

    Pretty much all updates are now cumulative. The security or critical part is just simply how it's classified.

    In regards to your second question, my line of thinking would be to see what the non-security critical issue is that the patch is resolving. Are you seeing the issue yourself? If yes, patch immediately. If no, give it a week or two and let others patch first to ensure it doesn't break anything else. If all looks clear, apply in during your next scheduled patch cycle.



  • @matteo-nunziati said in windows server updates: critical/cumulative/security:

    ok,

    I'm still confused about the terminology. Please, can you confirm and/or fix my interpretation?

    1. critical: not a security fix, but something seriously broken is fixed here.
    2. security: a security fix, something seriously broken is fixed here and a security hole is closed.
    3. cumulative: just use this if you have missed a lot of stuff and you have a long queue updates otherwise. Download this bulk huge fatty thing and align with upstream.
    4. all other types... really too many types here, do they really worth?

    Now the second question.

    Having an hyperv server 2016 should I need to install critical fixes? I mean: if I do not notice any misfunction should I patch? to me it is right to patch as you never know when a critical bug will hit your usage.

    Also, as a general rule I patch manually and I always require recommended updates only. Then I choose what to install.

    any opinion/correction/suggestion?!

    thank you.

    I do at least Critical, security, and definition updates to all servers, hypervisors included.
    For Windows10 desktops, I do everything.

    But I do it all through WSUS.