Announcement

Collapse
No announcement yet.
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Test Windows Updates so that we can keep our servers up to date

    Installed Shoretel recently and found out we need to stay behind on updates about half a year. This should be unacceptable in the world we live in now.

  • #2
    Yes and no. It is not so much that you have to stay behind half a year, as it is that Microsoft does not warn anyone of what a patch is going to contain ahead of time. So on day 1 any given patch may cause your ShoreTel server to become effectively non-functional. You can run updates manually and always take a snapshot / backup before you do, or keep yourself several months behind on patches so that ShoreTel has time to test and fix issues caused by patches, or accept the risk of hosing your phone system on any given patch Tuesday. This is problem is really of function of how Microsoft does patches and how business critical a phone system tends to be.

    EDIT: Though I do agree that it would be nice to have SOMETHING better to do than just wait a bit, but that is really a function of Microsoft not sharing patching information well.

    Comment


    • #3
      I echo koesro1 on this. it's unacceptable for ShoreTel to be so stubborn on patching. We've had cases straight rejected because we have a patch on the server that was issued past the release date. At least follow some process whereby patches are approved on a monthly basis like all the other proper system providers do. To flatly refuse to look at issues because a company is more security focused is down right daft.

      for our latest issues we've had to remove our AV protection from the servers as it "may" be causing our issues, again no further investigation is taking place because they are solely focused on proving to be somebody else's fault..

      We've also had to withdraw the external conferencing facility as again we can't patch the SA100 as it's using outdated cyphers.

      Whilst sticking it all behind a firewall is a good idea and should be done that really doesn't mitigate security at best all it does is prevent spreading anything.

      Rant over - time for a cuppa...

      Comment


      • #4
        It's not ideal, however keep an eye on the latest release notes as you'll find that they not only certify the latest build, but previous builds to a specific level of Microsoft Updates. The most current build R1804 (21.88.3731.0), specifies all updates up until and including June 22 2018 are safe to install for all builds from R1704 (21.82.9623.0) upwards.

        It's still ridiculous that there is a restriction on patching but recent movements do show that Mitel are pushing the focus on security harder than ShoreTel ever did.

        Comment


        • #5
          What's the release date for build 19.49.3800. please0? Want to patch up to that date.

          Comment


          • #6
            Originally posted by cynr View Post
            What's the release date for build 19.49.3800. please0? Want to patch up to that date.
            That's an old one 05/24/17
            Lance Paddock
            BTX | Business Telephone eXchange
            1(800) 289-0299

            Comment


            • #7
              Agreed, this needs progress, but I would again point out that the real fix is to remove the MS Windows dependency as the horrible state of Microsoft patching is the real culprit here.

              Comment


              • #8
                Originally posted by blanning View Post
                Agreed, this needs progress, but I would again point out that the real fix is to remove the MS Windows dependency as the horrible state of Microsoft patching is the real culprit here.
                I totally agree.
                Lance Paddock
                BTX | Business Telephone eXchange
                1(800) 289-0299

                Comment


                • #9
                  But the SA100 is *nix and even that is not up to date for security

                  Comment


                  • #10
                    Originally posted by loveladym View Post
                    But the SA100 is *nix and even that is not up to date for security
                    Not arguing, but how do you suggest a linux appliance be kept current between ShoreTel build updates? Mitel needs a better plan for this (some kind of micro-services approach that de-couples the appliances and services more perhaps...) but that is not where we are at now and patching the underlying linux (it is WindRiver) on a regular basis will result in SA100s that stop working because changes are introduced that the rest of the system is not ready for.

                    Comment

                    Working...
                    X