Patch early and patch often is the advice of security professionals when it comes to software updates.
After all, who needs to be left wide open to hackers and malware writers when the solution is delivered by the software's maker?
Yet sysadmins will be increasingly leery of applying such an approach to Windows systems following Microsoft's latest botch job.
On 12 August Microsoft released 40 updates for Internet Explorer, Windows 7 and Windows 8 Pro.
Very shortly afterwards people began reporting their Windows machines bricking – while others glimpsed something they hadn't seen in a very long time: the Blue Screen of Death. Many thought BSODs were a thing of the past in this brave new Windows 7 (and 8) world.
They were wrong. As ever, people were in the dark over what had gone wrong and why.
"I have spent about 8 hours looking into this and I found out that the error occurs when I install any of the following updates: KB2976897, KB2982791 and KB2970228. I checked my laptop's ram and hard disk and they do not show any defects," wrote Frank on a Microsoft forum.
Tempers were running high. "I wasted loads of time trying to get my PC to boot as mine boots in to a blue screen and it comes with error "win32k.sys," wrote 007L2Kill.
One user unloaded: "I wish that Microsoft would check the updates before releasing them I suspect that these updates mentioned above are not compatible with windows 7 64bit which I am running."
Susan Bradley, a Microsoft “valued professional community moderator”, shot back:
"They do test, they just missed something here. Would you mind emailing me so we can get this officially investigated? The more samples/cases we have the faster we can get to the bottom of it."
Hardly the words of comfort one expects from Microsoft. Judging by Bradley's comments, the software giant was as clueless about what had gone wrong as the hapless users.
It was also clear the BSOD plague was hitting everybody, from those supporting elderly relatives' PCs up to serious business users. Yet amid the horror there was humour:
"I thought that only Windows 98 systems got blue-screen errors?," wrote Joe Blough. "(I am laughing at you all, because I haven't seen a blue-screen error on my win-98se system for years. I'm typing this reply on one such win-98 system right now - it has 2 gb of installed ram and win-98 can see and use all of it thanks to a few patches. And no, I'm not running 98 in a VM.)"
Microsoft has now retreated from the update, taking the second quickest route to fixing something - the first being "power button off, power button on". It's told users to uninstall the botched update from crippled PCs. Microsoft has also removed the offending download links from its site.
It's not the first update cockup from Microsoft in recent months.
Already this month Redmond has had to rush out hotfixes to repair the security updates to Internet Explorer versions 7 through to 11 in July and August, which caused IE users' web browsing to run at the speed of cold molasses in January. Or, running that description through the Microsoft filter, after you applied patches MS14-037 and MS14-051: "Web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time."
In November 2013 Surface Pro 2 vanity slabs were overheating thanks to a fault that was also making the screens go too dark to be read.
An update from Microsoft released in December which supposed to stop the problem only made it worse, spawning a variety of new difficulties. Users reported their Surfaces weren't charging properly, the batteries draining and bogus error messages kept popping up. Others simply couldn't install the update.
What did Microsoft do? Retreat, again: it pulled the update and postponed delivery of fresh patches to after Christmas, when, Microsoft assumed, lots of new Surfaces would have been purchased.
Microsoft has dragged its development practices into the 20th century, it has recently been said.
But whether it's Waterfall, Agile or another en vogue development methodology working its way through Microsoft, the company's clearly got a serious problem on development and delivery of fault-free patches.
The worst part? It's about to get a lot more complicated as Microsoft has decided the whole update system works so well, it can throw system updates into the code stew too.
Unfortunately, the fact that Microsoft's security fixes keeps making things worse makes this not just a problem for Microsoft it's an issue for millions of PC users.
Sysadmins must decide whether to trust Microsoft one more time or to run the gauntlet of hackers and malware writers, applying patches late and infrequently to save their own sanity and their credibility in the workplace. ®
Sponsored: Ransomware has gone nuclear