Hacker News
by belorn 699 days ago
If you need to have automatic updates then you need to apply risk analyses of what would happen if that system fails.

A typical solution would be to have two machines, one with the automatic updates and a second one without automatic updates that jumps in in case the first one breaks down.

1 comments

>A typical solution would be to have two machines, one with the automatic updates and a second one without automatic updates that jumps in in case the first one breaks down.

Great, now the other one is still vulnerable and hackers can still steal information from it.

The proper solution is a hardened machine built for critical systems that doesn't have internet access, disabled USB, attachments blocked in email, etc.

However that isn't popular and most orgs would prefer a day of downtime from this type of outage vs the hassle and cost of doing it right.