6

When Microsoft pulls bad patches, does WSUS automatically pull the patches as well or do we need to do it manually?

If we have to do it manually, how do we keep on top of bad patches?

  • They pulled 4 this past week after causing a lot of problems. We had to go in and remove them. – Jason Aug 19 '14 at 20:57

2 Answers

1

Microsoft has a way to Expire updates, so they do get expired and not further distributed. However, they do not get uninstalled automatically when they are already installed on WSUS Clients.

MichelZ
0

Yes, if you have not deployed a patch then you will need to either not approve the patch or decline the patch. If you have already deployed the patch then you will need to select the patch in WSUS and approve it for removal. Right-click on the patch, click "Approve", click on the icon to the left of a computer group, and select "Approved for Removal".

To vet patches we update three groups of servers/workstations: PRE-TEST, TEST, and PROD.

I left a list of resources that I use to keep on top of patches here: https://serverpatch.wordpress.com/

Andy
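The two answers above combine into one check: find updates Microsoft has expired that are still live in WSUS, then either approve them for removal (if already deployed to a group) or decline them (if never approved). The script below is an added example, not code from either answer. It assumes it runs on the WSUS server with the UpdateServices module installed, and `PROD` is a placeholder computer group name taken from the group naming in the second answer.

```powershell
# Added example, not from the original answers.
# Assumes: run on the WSUS server with the UpdateServices module installed;
# 'PROD' is a placeholder computer group name.
param(
    [string]$TargetGroupName = 'PROD',
    [switch]$Apply    # without -Apply the script only reports what it would do
)

Import-Module UpdateServices
$wsus  = Get-WsusServer    # connects to the local WSUS server
$group = $wsus.GetComputerTargetGroups() |
    Where-Object { $_.Name -eq $TargetGroupName }
if (-not $group) { throw "Computer group '$TargetGroupName' not found." }

$install   = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install
$uninstall = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Uninstall
$expiredState = [Microsoft.UpdateServices.Administration.PublicationState]::Expired

# Updates Microsoft has expired that nobody has declined on this server yet
$expired = $wsus.GetUpdates() |
    Where-Object { $_.PublicationState -eq $expiredState -and -not $_.IsDeclined }

foreach ($u in $expired) {
    # Only approvals set directly on this group are checked, not inherited ones
    $deployed = @($u.GetUpdateApprovals($group) |
        Where-Object { $_.Action -eq $install }).Count -gt 0

    if ($deployed -and $u.UninstallationBehavior.IsSupported) {
        $plan = 'ApproveForRemoval'
        if ($Apply) { [void]$u.Approve($uninstall, $group) }
    } elseif ($deployed) {
        # Update cannot be removed through WSUS; clients need another method
        $plan = 'ManualUninstallNeeded'
    } elseif (-not $u.IsApproved) {
        $plan = 'Decline'
        if ($Apply) { $u.Decline() }
    } else {
        $plan = 'ReviewOtherGroups'    # approved for some other group
    }

    [pscustomobject]@{
        KB     = ($u.KnowledgebaseArticles -join ',')
        Title  = $u.Title
        Action = $plan
    }
}
```

Run it without `-Apply` first and review the `Action` column; rows marked `ManualUninstallNeeded` are updates that do not support removal through WSUS.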