Applying updates every month is not something system administrators look forward to but they are necessary and extremely important in the times we live in.
Most updates each month include security updates. Security issues are the worst possible type as they may be exploited by malware or hackers. These types of situations are regularly identified in various parts of Windows – ActiveX, IIS, Internet Explorer and .Net Framework are just examples. Other updates address other bugs and issues in Windows. Even though they are not responsible for security vulnerabilities, they might impact the stability of your Operating System. Last, but not least, Windows Updates sometimes come with new features, while patching some known issues – and the best example for this is IIS and Internet Explorer.
The code that makes up the Windows operating system contains security loop holes, errors, incompatibilities, or outdated software elements. In short, Windows isn’t perfect, we all know that. The latest Windows security patches fix the vulnerabilities and errors in Windows and associated software, and they occasionally add new features. This essentially summarizes why you should regularly run a Windows Update.
Security issues are regularly identified in various parts of the Windows operating system, including the main platform. Even if you do not run the respective software, it is a risk not to patch it, simply because it is installed on your system. Note that these updates are required, even if you are running anti-malware or anti-virus software, as that software may not sufficiently protect you from Windows security issues.
Consequences to Not Installing Updates
Potential consequences of not installing security updates are damaged software, loss of data, or identity theft. Every year, malware causes damage of millions of dollars worldwide. The main reason is that users don’t install critical software or operating system updates, allowing malware to exploit loopholes that exist in every software ever developed. Vulnerabilities can potentially be exploited within hours of them becoming publicly known. So once a security update is available, you should plan to install the fix to protect your system from malware attacks.
Some ways to control and monitor the deployment of Microsoft updates in a corporate environment is with products like WSUS or System Center Configuration Manager(SCCM).
Here is a list taken from Microsoft of some common types of updates available each month.
Critical Updates are a widely released fix for a specific problem that addresses a critical non-security-related bug.
Security updates are a widely released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low.
Monthly Rollups are relatively new. They are a tested, cumulative set of updates. They include both security and reliability updates that are packaged together and distributed over Windows Update, WSUS, System Center Configuration Manager and Microsoft Update Catalog for easy deployment. The Monthly Rollup is product specific, addresses both new security issues and non-security issues in a single update and will proactively include updates that were released in the past. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low. This Monthly Rollup would be displayed under the title Security Monthly Quality Rollup when you download or install. This Monthly Rollup will be classified as an “Important” update on Windows Update and will automatically download and install if your Windows Update settings are configured to automatically download and install Important updates.
A service pack is a tested, cumulative set of all hotfixes, security updates, critical updates, and other updates. Additionally, service packs may contain additional fixes for problems that are found internally since the release of the product. Service packs may also contain a limited number of customer-requested design changes or features.
Non Critical Updates
While non critical updates are not responsible for security-relevant vulnerabilities, they may still be very annoying as they potentially impact the performance and stability of Windows. So the main reason for installing general updates is to avoid or resolve Windows issues and hopefully have a smooth running System.
Microsoft will test the latest updates prior to release on the second Tuesday of each month. Unfortunately, there are an infinite number of hardware and software configurations that could exist on a Windows computer. Testing all possible computers systems would be almost impossible.
When a Windows update causes a problem it’s likely due to a software or driver that has issues with the update, not the update itself.
It is very important to create a group of desktops and servers for testing the latest updates. Once the updates are applied to the test, computers monitor and document any irregularities in behavior of the test systems. Although Microsoft updates rarely cause a problem it has been known to happen thus the reason for a test group of computers. If all is well after at least a week with the test group, it is relatively safe to deploy the tested updates to production.
Even after testing, there is no guarantee a problem won’t arise but it’s not worth the risk you may be taking of not applying these security patches.
It is critical to install security updates to protect your systems from malicious attacks. In the long run, it is also important to install software updates, not only to access new features, but also to be on the safe side in terms of security loop holes being discovered in outdated programs. And it is in your own best interest to install all other updates, which may potentially cause your system to become vulnerable to attack.