> > > there isn't any real control over what can and can't be applied outside of a
> > > WSUS-managed update environment.
> > If you use WSUS to control what gets applied then you are putting yourself at risk.
> > Using it to control when things are applied is bad enough.
> the current model is driving a fair number of people back to Windows 7 tho, which is
> worse than all of those things.
Exactly. By pushing an all-or-nothing update model on Windows 10 end users, all that Microsoft has really accomplished is to take a segment of their userbase and turn them into the vulnerability management problem that they were trying to eliminate in the first place.
There is no good answer to this problem, at least not in the framework that's currently being deployed for handling the issues at hand.