Since rolling back to the previous configuration will present a challenge, affected users will be faced with finding out just how effective their backup strategy is or paying for the required license and dealing with all the changes that come with Windows Server 2025.
Accidentally force your customers to have to spend money to upgrade, how convenient.
MS didn't force it, Heimdal auto-updated it for their customers based on the assumption that Microsoft would label the update properly instead of it being labeled as a regular security patch. Microsoft however made a mistake (on purpose or not? Who knows...) in labeling it.
A bunch of enterprise services are Windows only. Also Active Directory is by far the best and easiest way to manage users and computers in an org filled with a bunch of end users on Windows desktops. Not to mention the metric shitload of legacy internal asp applications...
We run a lot of Windows servers for specialized applications that don't really have viable alternatives. It sucks, but it's the same reason we use Windows clients.
Basically AD and the workstation management that uses it. Could all be run on a VM and snapshotted because you know it's going to fuck up an update eventually. Perhaps SQL Server but that's getting harder to justify the expense of anymore.
It must have been the same fun as when back in 2012 (or 2013?) McAfee (at least I think it was them) identified /system32 as a threat and deleted it :)
I'm not necessarily talking about being in the server room, I'm talking about more like doing PowerShell stuff and the stuff you would think system administrators do. They are still teaching Active Directory in IT classes in college.
I knew a guy with almost that exact resume, except he told me it was chickens. He worked in Lagos during the week and went back to his chickens in rural Nigeria on the weekend.
When reading comprehension is limited to the title.
MS mislabeled the update
Heimdal (apparently a patch management tool) auto-installed the falsely labeled update.
If OP (this was reported by a Redditor on r/sysadmin) and their company are unable to properly set grace periods for Windows updates I can't help them either.
IMHO you are supposed to manually review and release updates either on a WSUS or the management interface of your patching solution.
Not just "Hehe, auto install and see what happens".
And if you do that shit, set a timeout for 14 days at least for uncritical rated updates.
They said they believe it was a mislabeled update. MS didn't respond. Before criticizing others for their reading comprehension, I think you could work on yourself too.
There is a world, and it may be ours, where MS purposefully pushes this out. As the end of the article makes clear, this will be only a minor issue for those with good backup (which they probably all should but they don't), but for those who don't they'll be stuck with the new version and have to pay for the license of it. This is a large benefit to MS while they also get to pretend like it's just a mistake and not having backups makes it your issue, not theirs.
Hate to be that guy but if you automatically patch critical infrastructure or apply patches without reading their description first, you kinda did it to yourself. There’s a very good reason not a single Linux distribution patches itself (by default) and wants you to read and understand the packages you’re updating and their potential effects on your system
While you are generally correct, in this case the release notes labeled this as a security update and not an OS upgrade. The fault for this is Microsoft's, not the sysadmin's.
Many distros (at least Ubuntu) auto-install security updates, and here a mislabeled "security update" was auto-installed. This is not the fault of the sysadmins.
here a mislabeled "security update" was auto-installed.
To be fair, you would have to read all the way to the first paragraph to get this information from the article. Hard to blame people for not knowing this critical bit of information when it was buried so deep
There's a lot of people out there running automation to keep their servers secure. While I agree any automation out there should be able to flag an upgrade as excluded, it would seem to me like Microsoft should own some of the blame for a full-ass, hard-to-uninstall OS update fed in with the same stream and without IT interaction. I kind of expect my OS install to pop up a window and say "hey a******, this is going to upgrade your system, are you cool with that?" I don't know how it works these days but I know back in the day going between versions you would have to refresh your licensing on a large upgrade.
Unlike with other OSes, Microsoft releases all of their patches on Tuesday at around the same time in one big batch. I spend my Tuesday morning reading the patch descriptions and selectively applying them. A method that hasn’t failed me once.
We have an app running on CentOS 6. The vendor of the app informed us they expect to have a new version that can run on RHEL 8 by the end of the year - 2025.