VMware Cloud Community
kadiyalav
Contributor

Questions Regarding New Microsoft Patching Methodology

Hi All,

Currently using vRealize Configuration Manager to roll patches to Windows servers and have been for a long time, since before it was a VMware product. I know that Microsoft is embracing a new single rollup per month patch. Despite online pros and cons, for my environment this is a welcome change, since keeping all of our systems up to the latest patching levels for security bulletins and non-security updates is a nightmare, so it will be nice to have a single cumulative monthly patch to roll out.

I did however find this KB article.

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=21471...

The line that says 'VMware does not support monthly cumulative roll-ups for Microsoft updates.' has me worried, as it seems like it won't support this. In addition, if it doesn't, I didn't think it was possible to get the patches outside of the rollup; the only options were the single file containing security only or the single file containing the security and non-security patches.

Does anyone else use vRealize for patching Windows systems, and if so, do you know any additional information about the change? We primarily use this tool for patching, and if we can no longer patch I need to figure out the short term of unfortunately using something like WSUS before we move to a product that supports the rollups.

Oulyanov
VMware Employee

Hi,

The KB says what it says:

VCM is going to provide points 1 and 3 from the list on this MS blog (A Bit About the Windows Servicing Model | Ask Premier Field Engineering (PFE) Platforms):

Security-Only Update

    Collects all of the security patches for that month into a single update

Net Framework Security-Only Update

    Contains only security updates

If you definitely need non-security patches, it should still be possible via VCM, but you will need to work this out as a separate deployment package, with all the pros/cons of the process.

We might want to wait until Microsoft releases the first update made in the new way to see how exactly it will be handled by VCM.

Also, you might log an SR to get more insight and awareness about this case.

Regards, Oleg
