Yesterday I published a note on WindowsITPro.com describing the confusion that erupted when Microsoft issued KB2506143 (for Windows 2008 R2 SP1) and KB2506146 (for Windows 2008 SP2) through WSUS, a step that normally indicates to system administrators that the fixes pointed to by the articles should be installed on servers, even if they are marked as “optional”.
As it turned out, these articles cover Windows Management Framework 3.0, which includes PowerShell 3.0. Great for Exchange 2013 servers, not so good for Exchange 2007 and Exchange 2010 servers, not to mention Small Business Server (SBS) 2008 or SBS 2011 or SharePoint 2010, which are not products qualified to work with the super-duper new version of PowerShell. The effect of installing PowerShell 3.0 onto a server is that strange things start happening, such as roll-up updates refusing to install.
It seems that Microsoft has seen the light and the two articles have been pulled from WSUS. Details are only slowly emerging, but a message posted by Doug Neal of Microsoft on marc.info says:
“As a result of these regressions and feedback from customers and experts like you, we have expired the WMF 3.0 Update for all platforms (Windows 7, Server 2008, and Server 2008 R2) as of 5:07 pm PDT.
Windows Management Framework 3.0 for Windows 7 (KB2506143)
Windows Management Framework 3.0 for Windows 7 for x64-based Systems (KB2506143)
Windows Management Framework 3.0 for Windows Server 2008 R2 for x64-based Systems (KB2506143)
Windows Management Framework 3.0 for Windows Server 2008 (KB2506146)
Windows Management Framework 3.0 for Windows Server 2008 for x64-based Systems (KB2506146)
We’re engaged in an internal post-mortem to identify and resolve the issues that led to these updates being released that resulted in the regressions.”
One hopes that the internal post-mortem asks the very salient question of how Microsoft managed to release a fix through WSUS without knowing the impact that it could have on customers, and if they did know about the potential impact, why did WSUS not come with bold, blinking, and underlined warnings? It is all very unsatisfactory and demonstrates a distressing lack of quality that has been exhibited in a number of Microsoft patches and updates in the recent past.
You’ve got to wonder why the world’s largest software company functions like this – is it a failure of management, people, or processes, or simply that Microsoft is now so large and its product portfolio so complex that it is extraordinarily difficult for any part of the company to understand exactly what happens when something is done?
The cynics among us will no doubt think that the recent quality problems are all part of a grand plot to illustrate just how much easier it is to manage IT when operations such as system maintenance are devolved to cloud-based services. It’s absolutely true that Microsoft will take care of things like applying system updates and keeping everything current for you if you subscribe to Office 365 and I assume that the folks running the Office 365 datacenters are ultra-careful in how they update their servers, but they surely depend on some of the same processes that have been proven flawed in this matter, so aren’t they also at risk?
Upwards and onwards. I wish I could be confident that another problem is not lurking in the wings. But I am not and that’s worrying.
Follow Tony @12Knocksinna
MS is focusing on cloud so much these days. MS has forgot many many customers are On-Premise and will be On-Premise in future. So please, QA patches before sending patches to On-Premise customers.
In the same way that the Pentagon is building a virtual city (http://www.planetizen.com/node/59501) to test cyber defence, perhaps Microsoft need to do something similar and test their patches in simulated small/medium/large enterprises where those enterprises by and large reflect how we have things configured in the real world. It’s embarrassing.