Well, Microsoft ends its monthly Patch Tuesday security bulletins (also known as Update Tuesday) this month, replacing them with a new online database, plus automatic updates on Security Updates Guide. Microsoft had announced this in November itself in a blog post- "Security update information will be published as bulletins and on the Security Updates Guide until January 2017. After the January 2017 Update Tuesday release, we will only publish update information to the Security Updates Guide."
Businesses now need to ponder on how to integrate this new process into their operations. There are many who see this as a positive thing, something that's likely to make things smooth for users. There is also the thought that this would help Microsoft to compete better with Google, whose auto-update process is rather invisible. Many businesses have built their processes, their patch management processes around the Patch Tuesday bulletins; many of them have been doing so for almost two decades now. Thus this change would definitely cause them some discomfort.
There would be many IT companies who would, as a result of this new development, find it impossible to deploy some patches while holding back others for network compatibility checks etc, as they used to do.
With Patch Tuesday coming to an end, there definitely would be changes in the field of patch management. The already published security bulletins, however, would remain, as such. In the FAQ about the database, Mircosoft confirms- " Previously published traditional security bulletin webpages will remain online in their current location." It also states- "By February, information provided in the new Security Updates Guide will be on par with the set of details available in traditional security bulletin webpages."
Microsoft sources and experts, who say that customer feedback was one of the reasons that prompted this decision, opine that Microsoft is doing the right thing. The company would need to ensure the security of their browser, and hence the decision could be justified.
Thus, while it would be easier for individual users, for enterprises things would be a bit complicated. They would no longer have a control in deciding as regards deploying patches or holding patches for compatibility testing. The whole patch management scenario is set to change for them. Companies would have to discuss with their patch management providers at the earliest, to make plans on how to manage in the new scenario. They should read all documentation that Microsoft offers, make full use of the support channels that are offered and also give regular feedbacks. This because they like it or not, they will have to live with this new system.