by GRBLDeveloped 1429 days ago
My thoughts go out to the sys admins patching this on a Friday
2 comments

Both admins using NFS on Windows will be pissed off today :)
If they're just now patching it, I kinda feel like they deserve to spend their weekend patching Windows boxes.

> This bug was patched by Microsoft in June 2022 ...

Just got some background here, the May 10th update literally broke the ability for many people to log on to a domain. It was extremely broken and businesses that deployed it suffered heavily. The June 14th fix being discussed here in turn broke many backup products in ways people are still trying to understand. Edit: The June 14th update being discussed here also broke Wi-Fi hotspot and RRAS services, the latter being relevant to servers.

So most Windows server admins are quite acceptably delayed in deploying updates. Most standards and policies give an organisation 30 or 60 days to apply a security update outside of a particularly critical issue, and in most cases that's considered appropriate risk management. In this case I don't understand why this is news, there were many CVEs fixed this month but I've generally assessed them as being very low exposure and no reason to panic. For example, across our whole fleet it took a few minutes to test for the NFS service being installed anywhere and I've found it in zero places.

We don't have the Linux luxury of running an "update Apache" command and getting an update that fixes one CVE, every update is a major cumulative update with its own brokenness and test cycles. Remember at one point Microsoft released an update which broke port binding, and every network service including their own SQL and SMTP servers stopped functioning. That update was rated a critical security fix.

The (edit) July 12th update is the first proper fix for the Follina vulnerability, which is now months old. That really should be what people are testing and targeting for rollout.
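As an added example (not the commenter's own script), one way to run the fleet-wide check described above: ask each host whether the Server for NFS role and its service are present, so exposure to an NFS-only fix can be assessed before the patch is scheduled. The host names are placeholders, and the targets are assumed to be Windows Server machines with PowerShell remoting enabled.

```powershell
# Added example: inventory which Windows Server hosts have Server for NFS installed.
# Assumes PowerShell remoting (WinRM) is enabled and the caller has admin rights.
# Host names below are placeholders, not real systems.
$Hosts = @('srv-files-01', 'srv-app-02', 'srv-dc-01')

$Results = Invoke-Command -ComputerName $Hosts -ErrorAction SilentlyContinue `
    -ErrorVariable Unreachable -ScriptBlock {
    # Get-WindowsFeature is only available on Windows Server (ServerManager module);
    # on a client OS it is absent and the role is treated as not installed.
    $feature = Get-WindowsFeature -Name 'FS-NFS-Service' -ErrorAction SilentlyContinue
    # 'NfsService' is the Server for NFS Windows service; it exists only when the role is installed.
    $svc = Get-Service -Name 'NfsService' -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        Host       = $env:COMPUTERNAME
        NfsRole    = if ($feature) { [bool]$feature.Installed } else { $false }
        NfsService = if ($svc) { $svc.Status.ToString() } else { 'absent' }
        OSVersion  = (Get-CimInstance Win32_OperatingSystem).Caption
    }
}

# Hosts where the role or the service is present need the NFS-specific fix prioritised.
$Exposed = @($Results | Where-Object { $_.NfsRole -or $_.NfsService -ne 'absent' })

"{0} hosts answered, {1} unreachable, {2} with Server for NFS present" -f `
    @($Results).Count, @($Unreachable).Count, $Exposed.Count
$Exposed | Format-Table Host, NfsRole, NfsService, OSVersion -AutoSize

# Unreachable hosts are unknowns, not 'clean': list them for manual follow-up.
$Unreachable | ForEach-Object { $_.TargetObject }
```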

I wonder who Microsoft sees as Windows customers today.

Not the consumer. There are plenty of anti-consumer features in there. Spontaneous reboots for patching, fire risks be damned. Privacy nightmare. Forced Microsoft account. DRM.

Not the enterprise. Required manual patch validation. Complexity of upgrade rollouts. Neverending random breakage. Retraining for random vanity UI changes.

All of the above are fixable by listening to the customer and doing the necessary work, and not doing change for the sake of change.

> Spontaneous reboots for patching

My laptop runs Windows 10 (all my other machines are Debian or Devuan). I have searched, but failed to find any way of preventing this damned OS from downloading and installing updates without asking me. I often get up in the morning to find that all my open windows have been force-closed, because the machine rebooted after an update.

I have no idea what the updates contain; by the time I know about it, it's already installed and running. I don't see much point in reading the release-notes (if I can find them), because they are invariably opaque and full of obfuscation.

And anyway, the updates are unitary; I can't cherry-pick packages or bug-fixes. Win10 is either up-to-date or vulnerable. And "updates" often include new features that I don't want.

I don't know why Windows the OS is so user-unfriendly; possibly because the devs are exclusively focused on enterprise features. I've been using Windows since Win3, but I nowadays find it nigh-impossible to administer my own machine.

I've been thinking of replacing Windows with Devuan on this one hold-out machine for months.

It's user friendly for people that don't know what patches are or why software needs updating. It's frustrating for the people that do and would like control.

I remember the Windows XP days where you'd regularly find computers that hadn't successfully updated in months or years and it was a whole day effort to get them patched.

Windows 10 Reboot Blocker works OK. It runs as a service and keeps readjusting active hours to prevent reboots.

You may have it backwards because in real life patching too soon can be equally risky, specifically with Microsoft products.
Rolling out MS patches without a good testing period is a great way to suffer downtime in prod.

They somehow manage to ship catastrophic, everything-breaking shit extremely regularly.