The past two months are a prime example as to why businesses should not rely on automatic updates for software. It seems that many companies, either for security or other reasons, do not have the resources or time to vet the updates for the systems they are intended.
On November 10th, Microsoft released a Security Update to Windows 7 (KB3097877). The update actually caused Outlook 2010 and 2013 to continually crash. This patch also caused a black screen to occur when pressing Ctrl+Alt+Del prior to logging into the computer. In December, Microsoft released KB3114409 which was supposed to prevent Outlook from starting in Safe Mode, along with a few other fixes. Unfortunately, the opposite occurred for many systems, where it forced Outlook to only start in Safe Mode. Microsoft has since removed this update, but any users systems that problem with Outlook starting in Safe Mode need to have the update uninstalled.
Apple has not been immune to the update crisis either. While it seems that the iOS 9.2 update released last week has been smooth so far, iOS 9 updates have caused numerous headaches for users. All major vendors have software releases that have caused problems with the systems they are patching.
One of the major advantages of having your IT provider manage updates is that they can verify that the patches do not have unwanted effects. Update management system are key to providing the administration and reporting of patch tasks. Configuring and utilizing a server running Microsoft's WSUS platform enables your consultant to download patches for your specific Windows systems, approve or deny any updates, and select a time to install updates that works around your business model. A product like Shavlik can handle Microsoft Updates as well as other updates from third party vendors (i.e. Java, Adobe, Mozilla, Google). Most businesses cannot have their computers and servers updating and restarting in the middle of a weekday, so being able to schedule the installation is ideal. Also, utilizing a central repository reduce bandwidth usage because updates only have to be downloaded once. Once systems are updated, the update management system can verify which computers have the update and which ones might still need the install. This is very helpful for figuring out which mobile systems still need to be patched.
One other major advantage of having updates be managed by your provider is that they can make sure your systems are backed up or a snapshot is created of your systems before patches are applied. The ability to reverse any damage done by an update can eliminate data loss or business downtime is paramount to your operations.
Obviously, there are times that an update is needed quickly to patch critical vulnerabilities in software, hardware, or operating systems. This still should be organized by your IT company and part of your security and operations plan.