Windows updates can be a contentious issue. It administrators have very different opinions as to whether they should or should not update windows. They main reasons AGAINST updating are not based so much in fact as in legacy.
Windows Updates as they used to be…..
In the old days (of Server 2000 and Windows XP), updates often broke your installed software. Microsoft had no control over how software inserted itself into the system. A change in the wrong registry entry and your software suddenly refused to work. This gave administrator a good reason to distrust Microsoft updates. Server 2000, for example, shipped as a final release candidate to market with many flaws. Suffice to say that you would never consider buying a vehicle with even 10% of the flaws that Server 2000 sold with. These were mostly patched later……
Updates would also often need a few reboots, causing extensive downtime. This was another negative which caused updates to get a bad reputation.
As Microsoft learnt and developed Windows (including a substantial part of Linux in the background). they also put more controls in place. With Server 2008, they had defined a clear set of rules for software developers to integrate into windows. Server 2012 took it a step further and they did a really good job on Server 2016.
The end result is that the probability of a new patch trashing your software is very small. Really old software will most likely need to be run in “legacy” mode which should protect it from any effect updates have anyway.
With exploits and Malware popping up daily and hundreds of thousands of lines of code, Microsoft has to release updates on an almost weekly basis to keep there systems functioning at a reasonably secure level. A good example is the recent zero-day flaw found in the .NET subsystem. Without patching your Windows server, you are open to attack from all sides.
Another good reason to patch is that Windows systems have to be kept up to date as the underlying platforms on which it runs evolve – whether they be physical or virtual. At Host Africa we have often seen Windows Virtual servers become unstable or randomly reboot and disconnect if they are not updated. The first thing you should do on any fresh server install is run Windows updates before installing anything else. Be patient – this can take anywhere from a few minutes to a few hours.
Updates still often need a reboot, so it is best to do them after hours. Windows servers can sometimes reboot and then pause, installing updates. This needs to be taken into account and anticipated as possible downtime.