Susan ‘patch lady’ Bradley, a patching expert who manages a bunch of Windows PCs and servers in business, has had enough of Microsoft’s recent uptick in shoddy patches.
She posted an open letter to Microsoft CEO Satya Nadella, Microsoft corporate VP of Windows Servicing and Delivery Carlos Picoto, and the company’s head of all things cloud, Scott Guthrie, pleading for them to urgently address the quality of recent Windows patches.
Her open letter was published on Computerworld’s Woody on Windows column, taking a shot at the execs for putting people like her in the unenviable position of either installing patches that break machines or delaying patches and leaving them vulnerable to publicly known vulnerabilities.
“Today, as Windows 10 turns three years old, I am writing to you to ensure that you are aware of the dissatisfaction your customers have with the updates released for Windows desktops and servers in recent months,” wrote Bradley.
“The quality of updates released in the month of July, in particular, has placed customers in a quandary: install updates and face issues with applications, or don’t install updates and leave machines subject to attack.”
As she points out, July 2018’s Patch Tuesday contained 47 bulletins with known issues. Among the buggy patches are fixes for a .NET remote code injection flaw, the Intel CPU Lazy State bug, and the fourth Spectre flaw known as Speculative Store Bypass, which affected AMD, Arm, and Intel CPUs.
She posted the letter after members of the patchmanagement.org community listserve, where she is a moderator, recently began complaining about the quality of updates and the speed of Windows 10 feature updates.
She’s also published the results of a survey of members about what they think of the quality of Microsoft’s recent patches.
The survey mostly asked admins about their feelings towards Microsoft’s Windows 10 patches and she notes that the Windows Insider program isn’t helping identify issues.
The overall responses, she says, showcase “that your customers who are in charge of patching and maintaining systems are not happy with the quality of updates and the cadence of feature releases, and feel that it cannot go on as is”.
Microsoft recently declared Windows 10 April 2018 Update ready for business and boasted it is its fastest Windows 10 rollout ever, installed on 250 million PCs in about two months.
Bradley said responses to parts of the survey aimed at Windows 10 consumer users are the same as those from patching admins in regards to the velocity and volume of Windows 10 feature upgrades each year.
“The majority thought that the feature updates occurred too many times during the year, and they said they were overall not happy with the quality of updates from Microsoft. The full survey results from Microsoft consumer customers can be found here,” she wrote.
Her full post is worth a read for Windows 10 users and admins, as well as Azure users. The letter draws attention to a potential problem Microsoft could be creating via the Windows 10-as-a-service model it introduced in 2015.
The consequence of Microsoft’s breakneck pace of feature releases is that Microsoft could be unintentionally creating a giant security problem. This follows a year of highly damaging malware outbreaks, such as NotPetya and WannaCry, as well as the leak of the extremely dangerous NSA-developed Windows zero-day exploits that enabled the rapid spread of each across corporate networks.
“I am disturbed when I see users and consultants talk about taking drastic measures to take back control of updating and rebooting. Some are disabling Windows Update as a drastic measure to ensure that updates do not reboot systems when they are not wanted,” she wrote.
And as she notes, Microsoft has acknowledged this problem, last week announcing a new predictive model to only restart Windows 10 PCs for an update when users really have stepped away from work for long enough to begin the process.
But as it is, Bradley believes Microsoft’s mistakes and the effort it’s demanded of Windows users have broken many users’ trust in Microsoft’s patches and software.
“We want Microsoft software to be such that we can indeed install all updates and patches immediately without reservation. As it stands right now, we do not trust the software and the patching quality enough to do so,” she concludes.
ZDNet has contacted Microsoft for comment and will include any response it receives.