Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Windows Autopatch Aims to Make Patch Tuesday ‘Just Another Tuesday’ for Enterprises

Microsoft this week announced Windows Autopatch, a new automatic updates service for Windows 10 and 11 Enterprise E3 customers that will manage all software, firmware, driver, and enterprise app updates.

Microsoft this week announced Windows Autopatch, a new automatic updates service for Windows 10 and 11 Enterprise E3 customers that will manage all software, firmware, driver, and enterprise app updates.

The new feature ensures that Windows and Office products on enrolled endpoints are automatically updated, at no additional cost, helping admins more easily manage the security updates rolled out on the second Tuesday of every month.

“The second Tuesday of every month will be ‘just another Tuesday’,” said Microsoft’s Lior Bela.

Windows Autopatch rolls out updates gradually, to evaluate the deployment and ensure that no issues arise. Thus, all registered devices should be kept updated without disrupting business operations.

“The development of Autopatch is a response to the evolving nature of technology. Changes like the pandemic-driven demand for increased remote or hybrid work represent particularly noteworthy moments but are nonetheless part of a cycle without a beginning or end,” Microsoft notes.

Autopatch, Microsoft says, will eliminate security gaps by delivering important updates in a timely manner, providing enterprises with timely response to changes.

According to Microsoft, Windows Autopatch can detect variations among endpoints to dynamically create 4 testing “rings,” which are groups of devices representative of the diversity within the enterprise environment.

[ READ: Microsoft Introduces New Security Update Notifications ]

Advertisement. Scroll to continue reading.

These rings include the ‘test’ ring, containing a minimum number of representative devices, the ‘first’ ring, which contains roughly 1% of the managed devices, the ‘fast’ ring, containing roughly 9% of devices, and the ‘broad’ ring, which contains the remaining 90% of endpoints.

“The population of these rings is managed automatically, so as devices come and go, the rings maintain their representative samples. Since every organization is unique, though, the ability to move specific devices from one ring to another is retained by enterprise IT admins,” Microsoft notes.

With these curated ring populations in place, Autopatch deploys updates progressively, moving from ‘test’ to ‘broad’ after specific validation periods. The service also monitors device performance with pre-update metrics, to balance speed and efficiency and optimize productivity.

With Autopatch in place, all quality updates – those dealing with security, firmware and other essential functionality – are deployed swiftly, Microsoft claims.

Feature updates – which mainly include user interface or experience changes – will be rolled out slower, with 30 days provided for each ring so that users can interact with the software and report issues.

[ READ: CISA Urges Organizations to Patch Exploited Windows Vulnerability ]

“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate. As Autopatch serves more updates, it only gets better,” Microsoft says.

Autopatch comes with a “Halt” feature, where updates will not move from ring to ring unless specific stability targets are met (customers too can halt updates); a “Rollback” feature, where updates can be undone if performance targets are not met; and a “Selectivity” feature, which allows customers to select only portions of the update package to be deployed.

The new service also comes with reporting and messaging capabilities, and with an Autopatch message center, where admins can view details about schedules and update status, as well as details from the Autopatch team.

All Microsoft customers with a license for Windows Enterprise E3 can enroll into Autopatch when it becomes generally available in July 2022, the company says.

The service comes with a built-in readiness assessment tool to check settings in Intune, Azure AD, and Microsoft 365 Apps for Enterprise and help enterprises address identified issues, to make sure all solutions are configured to work with Autopatch.

Related: Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows Flaw

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.