Do not deploy a "mandatory update" to your entire customer base at the same time. Do it in small sample cohorts and pause to see if there is trouble. Pay very close attention to those cohorts. Continue if there is no trouble.
If something nasty slips through your test procedures, at least this will minimize the damage, and give organizations time to recover.
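The cohort-by-cohort rollout described in the post above, as an added example that is not part of the thread: hosts are bucketed by hash, each wave is deployed, and the rollout stops when a wave's failure rate exceeds a threshold. The function names, the `deploy` health-check callback, the stage percentages and the threshold are all assumptions made for illustration.

```python
import hashlib

def cohort_of(host_id: str, update_id: str, buckets: int = 100) -> int:
    """Stable bucket 0..buckets-1; salting with update_id reshuffles cohorts
    per update so the same hosts are not always the early adopters."""
    digest = hashlib.sha256(f"{update_id}:{host_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % buckets

def staged_rollout(hosts, update_id, deploy,
                   stages=(5, 25, 100), max_failure_rate=0.02):
    """Deploy in cumulative percentage stages, pausing after each wave.

    deploy(host) is a hypothetical callback that installs the update and
    returns True only if the host reports healthy afterwards.
    Returns (updated_hosts, halted_stage_or_None, failed_hosts).
    """
    updated, done_pct = [], 0
    for pct in stages:
        # Only hosts whose bucket falls in this stage's new slice.
        wave = [h for h in hosts if done_pct <= cohort_of(h, update_id) < pct]
        failed = [h for h in wave if not deploy(h)]
        updated.extend(wave)
        # Gate: stop before the next, larger cohort if this one is unhealthy.
        if wave and len(failed) / len(wave) > max_failure_rate:
            return updated, pct, failed
        done_pct = pct
    return updated, None, []

if __name__ == "__main__":
    fleet = [f"host-{i:04d}" for i in range(1000)]  # constructed sample fleet
    # Constructed faulty update: every host fails its health check.
    touched, halted, failed = staged_rollout(fleet, "upd-bad", lambda h: False)
    print(f"halted at {halted}% stage, {len(touched)} of {len(fleet)} hosts affected")
    # Constructed good update: every host stays healthy.
    touched, halted, failed = staged_rollout(fleet, "upd-good", lambda h: True)
    print(f"halted={halted}, {len(touched)} hosts updated")
```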
I don’t disagree - you are correct. I suppose I’m asking from a more general perspective, Microsoft OS being so entrenched into so many systems - should there be some form of certification program before being released? Just trusting 3rd parties to not get it wrong allows clear risk.
I work in automotive. There are standards and regulations like U.N. R155 that are required in Europe. To sell cars there, a company is required to have a cybersecurity management system that is compliant with the regulation, and be audited by a 3rd party. Standards like ISO 21434 provide the framework for cybersecurity in product development.
I’m not aware of such regulatory requirements, standards, or certifications in this instance / context.