Should my business do the latest Windows update?

By Luke Smits - Founder & Operations Manager

One morning, not too long ago, the P1 Technology team were greeted by a few dozen phone calls from clients who couldn’t log in to their systems. On further investigation, the cause of the stress turned out to be a Windows upgrade (or patch, as we techies call it).

The upgrade was forcibly pushed out by Microsoft, despite our patch management being set up with instructions to Microsoft not to do this. But Microsoft unfortunately have a habit of thinking they know best and, without considering the possible consequences, push out updates through force anyway. And all the issues associated with that fall back onto managed IT service providers.

The Windows version upgrade in question caused a few dozen computers that were still running older versions of Windows to be instantly upgraded to the latest and greatest version and, in the process, broke the ability for users to log in using their Azure AD credentials. At P1 Technology, we have a separate profile on most machines to account for just this type of issue, and so our clients were back online fairly quickly.

But the question was asked time and time again – why don’t we just block the updates altogether?

You can’t ignore updates forever. 

If you ignore updates forever, then your systems will become exposed to security gaps in the Windows operating system (techies call these gaps “exploits”). Believe it or not, these types of gaps are the exact reason why patches are pushed out. Programmers find the holes that could cause your system to be compromised and they push out patches to plug the holes. If they didn’t, cyber criminals could find the holes and use them to exploit you, by infecting your data, stealing your data or even through trojan-style attacks, where hackers monitor your system over a long period of time and, when they have the information they want, lock your system down and blackmail you to get it back.

Not a good position to be in.

But there is such a thing as a faulty update

On the other hand, if you just allow updates to run whenever Microsoft decide to release them, then you’re at risk of getting a faulty patch. And this can cause more problems than it prevents.

As an IT partner working in the best interests of your business, we do a delicate balancing act by trying to roll out patches very soon after they are released. We do this in a controlled environment so that your business doesn’t end up being a guinea pig to see if an update will be successful. This is why we implement patch management. And it usually works pretty well, except for when Microsoft changes the game and pushes out updates before we’ve approved them (despite our patch management settings).

Patch Management isn’t perfect. But it’s better than the alternatives.

In the end, there are very few things in life that are perfect. There is best practice though and that’s why we adopt patch management for our clients. This way, we can tell you what needs patching, what hasn’t been patched and where your potential data security risks are, rather than your business going on in blissful ignorance of how your business might be exposed to cyber-crime.


