• lud@lemm.ee
    link
    fedilink
    arrow-up
    2
    ·
    3 months ago

    The problem wasn’t with an update Microsoft pushed out. It was due to an update by crowdstrike which iirc ignored all settings for staged rollout (or there were no settings at all for that)

    It’s not like anyone outside Crowdstrike chooses to have these updates installed. It happened automatically with no way of stopping it.

    • Nibodhika@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      3 months ago

      Yes, this specific problem wasn’t caused by Microsoft, but it was caused by the forced automatic update policy that crowdstrike has, which is the same behavior Windows has. So while this time it wasn’t Microsoft, next time it could be. And while you can prevent this from happening on your Linux box by choosing software that doesn’t do this, it’s impossible to prevent it on a Windows box because the OS itself does it.

      • lud@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        3 months ago

        You absolutely can (and should) do staged rollout for windows updates.

        Source: We do that at work. We have 3 different patch groups. 1 “bleeding edge”, 1 delay by a day or two, and another one delayed by a bit more. This so so we can stop an update from rolling out to prod if dev breaks.

        • Nibodhika@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          3 months ago

          Correct me if I’m wrong, but others have told me that Microsoft reserves the right to push security upgrades that bypass any policy setup by the network administrator.

          • lud@lemm.ee
            link
            fedilink
            arrow-up
            1
            ·
            3 months ago

            Maybe, I’m not sure about that.

            It’s possible that there is a way to for example bypass a company’s WSUS server but I don’t know if there is such a way and I couldn’t find any obvious way when searching.

            Due to the source being hearsay I don’t really feel convinced and if I were you I wouldn’t spread such information further unless you found reliable sources first.

            I’m open to any information about it if anyone can find any reliable information like documentation or blog posts from MS employees.

            Still I highly doubt that is used often at all if it even exists. Only to be used in the absolute direst of times. I would also trust Microsoft much more in such a case that a third party like Crowdstrike.