Hate to be that guy but if you automatically patch critical infrastructure or apply patches without reading their description first, you kinda did it to yourself. There’s a very good reason not a single Linux distribution patches itself (by default) and wants you to read and understand the packages you’re updating and their potential effects on your system
There's a lot of people out there running automation to keep their servers secure. Well I agree any automation out there should be able to flag and upgrade excluded, It would seem to me like Microsoft should own some of the blame for a full ass hard to uninstall OS update fed in with the same stream and without it interaction. I kind of expect my OS in stall pop up a window and say hey a****** this is going to upgrade your system, are you cool with that. I don't know how it works these days but I know back in the day going between versions you would have to refresh your licensing on a large upgrade.
Unlike with other OSes Microsoft releases all of their patches on Tuesday at around the same time in one big batch. I spend my Tuesday morning reading the patch descriptions and selectively applying them. A method that hasn’t failed me once.
Yeah, I'm using Ninja on about 120 boxes. It's set to auth critical only. If someone reports a problem, we'll go ahead and blacklist that update temporarily while we sorted out even though it's semi-automated they never happen all at once there's always a couple of canaries that get up a little early.
Many distros (at least Ubuntu) auto-installs security updates, and here a mislabeled "security update" was auto-installed. This is not the fault of the sysadmins.
here a mislabeled "security update" was auto-installed.
To be fair, you would have to read all the way to the first paragraph to get this information from the article. Hard to blame people for not knowing this critical bit of information when it was buried so deep