alphaspirit - Fotolia


Windows Update for Business: Breaking bad patch management

Windows Update for Business gives Windows 10 users more control over OS security, with System Center integration and distribution rings.

Missing patches are like weak passwords. They're basic security flaws that are at the root of many of the largest breaches in history. Be it through a remote shell exploit, denial of service attack or malware infection, unpatched Windows systems create untold risks. Yet, it seems as if some administrators go backward in time when it comes to addressing this issue.

Microsoft believes it created a magic bullet to solve many of the challenges of existing patch management, such as delayed rollouts, platform fragmentation, and the associated financial costs -- not to mention security risks. Windows Update for Business is a Windows 10-centric replacement for the traditional Windows Update admins depend on. Free for Windows Pro and Windows Enterprise-based systems, Windows Update for Business will offer several benefits that can better secure the network, including:

  • "Distribution rings" that allow admins to define which systems are updated first, second and so on. This way, you can determine which systems are most critical and least critical and have a more structured approach to rolling out patches.
  • Peer-to-peer delivery that allows admins to save bandwidth when delivering updates to remote sites. This can also be a timesaver for super-critical patches that must be pushed out.
  • Maintenance windows that allow admins to create granular schedules for running (and not running) updates. This addresses the age-old problem of Windows automatically applying patches that end up breaking critical systems at the worst possible time.
  • Integration with System Center Configuration Manager, Windows Server Update Services and related tools, allowing IT teams to continue to manage systems through the same interface.

Microsoft recommends rolling out Windows 10 and thinking about how to segment and classify systems for this new approach to patching. Then take it for a spin. As nice as Windows Update for Business sounds, I'm not convinced that IT shops are going to drop everything to upgrade to Windows 10. Still, Windows Update for Business should create a bit of an allure to Windows admins as it not only affects workstation management, but also affects higher level functions, such as how to manage Active Directory and GPOs.

Missing Windows patches are the most common security vulnerability. In Microsoft's defense, studies have shown that many exploits are carried out due to missing third-party software patches -- not Windows patches. But still, it's problematic. Windows Update for Business can help alleviate some of that problem.

About the author:
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 26 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 12 books on information security including Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Beaver can be reached at and you can follow him on Twitter, watch him on YouTube and connect to him on LinkedIn.

Next Steps

Windows Update for Business gives admins more control

Should you upgrade to Windows 10?

Dig Deeper on Windows Server troubleshooting