Microsoft Windows Patching best practices and guidance


  1. One thing I find is it’s sometimes difficult to understand just what CVE issue some Windows 7 security update is supposed to address; you note the KB number or whatever else Windows Update slimly tells you about a “critical”, “important”, or especially “recommended” security update or some update that “resolves issues in Windows”, but anything you check it against says no more than that (if taking more sentences to do so).

    This could be why earlier this year MS had at least two updates that they then said were causing havoc on PCs and had to be improved, then recommending they be taken out pending improvements. It was nice that a year ago MS added “Windows Update Cleanup” to the native disk cleaner in my Windows 7; but since there are to be no more cumulative rollups past SP1 it’d be nice to know if I have, say, enough third-party security apps running around I don’t really need this or that Windows update (again, if I could find out more about exactly what many things are trying to prevent instead of hearing words in the nature of “some vague privately reported vulnerability” I’d be better off). For example, since the “necessary, that is all” updates of August 2014, I can’t upload even the tiniest PDF to some GoDaddy-hosted sites or use their links; this happens even with everything but Windows switched off, but will I be hurting or helping myself if I take all suspect updates out? Or is the problem some arcane DNS issue(s) on GoDaddy’s end or my ISP? It doesn’t help to not know more exactly what kind(s) of things Windows updates are trying to do.

    Apart from that, thanks for another great article, especially the tips about Windows 8. Cheers!

  2. This past December 9 (Tuesday Microsoft Update) we had a botched and failed Windows update, KB3004394, which affected a few users’ machines and caused big havoc around the net. Luckily Microsoft quickly issued a FIX and all is good now. I personally DO NOT USE the “Windows automatic update and install” feature and have avoided these kinds of issues. I have the Windows update feature set as “Download updates and let me choose whether to install them” and usually wait a day or two just to make sure that Microsoft hasn’t made a blooper like what happened this last Tuesday with KB3004394. Do you consider this procedure a good idea? It hasn’t caused me any problems and I have been doing this for a few years.
