But with cumulative updates, either solution will be dicey, said Chris Goettl, program product manager for patch management vendor Shavlik. Rolling back a Windows 7 update will pose a devil's dilemma: Apply the update and break something, perhaps a business-critical application, or roll it back, leaving who-knows-how-many-other vulnerabilities unpatched.
Nor will it always be possible to "work with the publisher" of an affected application. "Look back at January, when a Windows 10 cumulative update broke the Citrix [WorkstationOS Virtual Delivery Agent]," Goettl said. "Citrix was big enough and was able to react fast enough" to the incompatibility between the Windows 10 update and its software to generate a software update. "But that's not going to be the case for everyone."
Goettl ticked off the kind of ISVs that don't have the resources to jump on a problem caused by an OS update, including small publishers, niche publishers such as those that write software for medical devices, and finally, those long out of business. Alternately, a publisher may have already dealt with the underlying problem that led to update-application incompatibility, but packaged it in a newer version that comes with a price tag.
The new patching model, Goettl predicted, "will have a lot more impact on [software] vendors supplying companies. There are a lot who cannot react very fast."
Nor was Bradley counting on Microsoft itself to always rapidly react to quality-control problems with the new updates.
"The investigation process [with Microsoft support] is not fun, not efficient and often takes several days for the support team to understand the issue and repro[duce] the problem," she said. "Then it will take several more days for the known issue to be documented in the KB [knowledge database] and often longer still for a note to be posted to the KB."
And for many customers, Microsoft's advice was expensive, Bradley noted. It costs $499 to open a case if a customer is not on a support plan. Although that fee should be automatically refunded if the problem is in a security update, Bradley said that in several instances she has had to formally request the refund before receiving it.
"Not all issues are found by enterprises with TAMs [technical account managers employed by Microsoft] and support reps on speed dial that have key contacts to make the support process a breeze," Bradley said. "Some of the issues are found in the community where people do not relish paying (even temporarily) Microsoft a fee of $499 to tell them they have a bug in their code."
Microsoft's new update model for Windows 7 and 8.1 looks complicated. Credit: Microsoft