As a Managed Service Provider (MSP), we manage our client's computers. One of the most important things we do is to make sure that patches, fixes, and updates are installed. But that's a bit more complicated than it sounds.
For example, Microsoft released an update three days ago that is now causing many machines to fail.Today we see this headline:
Microsoft Tells Windows 7 Users to Uninstall Update - PCs Can Fail to Restart
Please see "The Problem" at the end of this blog post. The bottom line is: An automatic update applied to all machines on Tuesday is making some machines fail and others to display false messages about licensing.
Now Microsoft is recommending that you un-install this patch and wait for a patched patch that doesn't have the problem.
Lesson: Do Not Install Every Update!Okay. So you should not install every update. Or at least you need a system to determine which updates should and which should not be installed.
A good computer consultant (managed service provider) will have a process for patching machines. It looks something like this:
- Microsoft releases patch
- Patch is tested by a third party to verify that there are no problems
- If blacklisted, patch is not deployed to client machines
- If whitelisted, patch is deployed to client machines
A good computer consultant will use a Remote Monitoring and Management tool to deploy patches. That way, everyone gets them at once. But they only get the ones that are safe! That's one of the reasons we call it managed services. We manage your machines.
You might think this service costs extra money. But most MSPs simply include it as part of their regular support. After all, the computer consultant has to spend less time fixing machines if the "patches" are all safe and whitelisted. And you, the client, can keep working without interruption.
In a perfect world, you should never have to know that a patch was released and failed. You should just keep working. Your consultant should help you avoid these issues altogether. Your consultant should NOT be charging you to uninstall patches like this simply because he doesn't have a system to avoid them in the first place.
If you don't have a managed service agreement, of course you'll need to pay someone to uninstall this patch. But if you do have a managed service agreement for your computers, then this is just another beautiful Spring day where you can worry about what YOU do for a living and not about your technology.
Lesson: Hire The Right Consultant
Before you hire a technician or consultant, ask about the patch management system they use.
If they stare at you, then blink, and say that they rely on Microsoft's "Automatic Updates," you need to keep interviewing. Automatic Updates put your machine at risk. Yes, they're safe 99.9% of the time. But if you just spent three days trying to figure out why your machines won't start, then that .1% becomes very expensive.
In the 21st Century, every computer consultant should be using an automated patch management (remote monitoring and management) system. If your I.T. person doesn't even know what that is, you should step up to more professional support.
It's guaranteed to cost you less money because you'll have fewer problems and more UP-Time for your computers.
The ProblemHere's what's going on.
1) Microsoft tried to fix a potential security problem. See Microsoft Security Bulletin MS13-036. The "fix" was release in Microsoft Update 2823324. See the Knowledge Base article on Microsoft Update 2823324.
2) Some machines (Windows 7 as far as I can tell from the reports) do not restart after the patch is applied.
3) Some machines give false reports that software licenses are not valid.
4) Now Microsoft is recommending that you uninstall that patch while they work on patching the patch.
Microsoft maintains a blog for talking about these things. See the Microsoft Security Center Response blog. Here's what they say about the issue:
"We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.":-)