On April 21st, an email from Microsoft appeared in the mailbox of mailing list subscribers informing everyone that MS16-039 had been revised and the update for Microsoft Live Meeting 2007 Console had been re-released.
It contained an additional tidbit of information that many people overlooked:
“Effective as of the May 2016 security bulletin release, all Windows updates will be available only via the Microsoft Update Catalog (http://catalog.update.microsoft.com/), and will no longer be available on the Microsoft Download Center (http://download.microsoft.com/). Making the updates available from only one location simplifies the process for our customers of finding and downloading security updates.”
Anyone who has visited a Microsoft bulletin for a Windows 10 update knows that this was already the case for Windows 10 patches, but this is a major change for users of other versions of Windows. This means that a lot of users will need to change their process. So far, there has been very little discussion on the topic.
I’ve seen a few minor discussions on forums and mailing lists, but most individuals seem to think that this won’t affect the majority of enterprises due to the use of third party patch management software or Microsoft’s own offerings.
Working in vulnerability management, I can tell you that none of these products are infallible, and I often work with customers that need to go and download a single update for any number of reasons. In some cases, this process is about to become more difficult.
Take, for example, Company X, where the operations team uses Macs due to the additional scripting capabilities that it provides. They will no longer be able to obtain updates, as the Microsoft Update Catalog is only accessible from Windows.
Company Y will also run into issues because while they run Windows, they use application whitelisting to prevent the use of Internet Explorer and have standardized on Google Chrome. Unfortunately for Company Y, the Microsoft Update Catalog only works in Internet Explorer and Edge.
These are important considerations as you prepare for May 10th. While it’s true that pure Windows shops that run Internet Explorer will see a more simplified search process, enterprises that operate outside of this configuration will find themselves frustrated and struggling to find workarounds.