When Microsoft first switched to its Insider-focused patch testing model, it saw a lot of criticism. Over the years, though, the company has formed a dedicated volunteer community that has kept most bugs out the OS.
However, with the stress of bi-annual updates, the cracks are starting to show. Microsoft's previous feature update had a number of unfortunate bugs, and its patches since have been consistently unstable.
“Today, as Windows 10 turns three years old, I am writing to you to ensure that you are aware of the dissatisfaction your customers have with the updates released for Windows desktops and servers in recent months. The quality of updates released in the month of July, in particular, has placed customers in a quandary: install updates and face issues with applications, or don't install updates and leave machines subject to attack,” she writes.
Balancing Security with Sanity
She goes on to highly the 47 knowledge base bulletins with known issues in July, many concerning .NET side effects with Microsoft's own software. A survey of the Windows 10 patch management forum Bradley moderates reveals that close to 65% of admins weren't satisfied with Windows 10 patches.
Simply, Microsoft's Insiders don't seem able to catch many of the nasty bugs in the OS. Some consultants have taken to disabling updates entirely to not break vital services. This has meant no protection against vital flaws like .NET remote code injection, speculative bypass, and more.
Though the company runs an internal Elite program where employees get rewards for spotting bugs, it doesn't seem to be enough. A quick solution to the predicament isn't clear, but Bradley suggests that a re-introduction of Microsoft's Security Update Validation tester wouldn't go amiss.
“We want Microsoft software to be such that we can indeed install all updates and patches immediately without reservation,” she finishes. “As it stands right now, we do not trust the software and the patching quality enough to do so.”
You can read the full letter on ComputerWorld.