Microsoft announced yesterday that it plans to change how patches for previous versions of the company's Windows operating system are made available.
The change affects all client and server versions of Windows prior to the release of Windows 10: Windows 7 SP1 and Windows 8.1 on the client side, Windows Server 2008 R2, Windows Server 2012 and 2012 R2 on the server side. Vista, as usually, is not included in anything anymore.
Microsoft plans to release a monthly rollup patch that includes security and reliability patches in a single update. Additionally, the company plans to ship all security updates of a given month as a single update package as well.
Why Microsoft makes the change
Microsoft started to distributed so-called Convenience Rollup updates for Windows 7 SP1, and monthly rollups for non-security updates for Windows 7 SP1 and Windows 8.1 in May 2016.
Based on customer feedback, and Microsoft's own analysis of the update situation on Windows, the company decided to change the current model further.
According to Microsoft, this resolves several of the issues that customers and businesses face when dealing with updates for Windows machines.
Historically, we have released individual patches for these platforms, which allowed you to be selective with the updates you deployed. This resulted in fragmentation where different PCs could have a different set of updates installed leading to multiple potential problems:
- Various combinations caused sync and dependency errors and lower update quality
- Testing complexity increased for enterprises
- Scan times increased
- Finding and applying the right patches became challenging
- Customers encountered issues where a patch was already released, but because it was in limited distribution it was hard to find and apply proactively
Microsoft aims to make the updating process on Windows "more consistent" by introducing the changes.
Windows Update changes in detail
Starting October 2016, Microsoft will release a single Monthly Rollup that includes security and reliability patches in a single update.
It will be pushed to Windows Update, WSUS, SCCM and the Microsoft Update Catalog.
Newer rollups supersede previous ones, as they include all the patches they contained. Microsoft notes that express packages will be used to keep download sizes small for devices that have these rollups installed from Windows Update or WSUS.
The company plans to integrate other patches, released previously, to these Monthly Rollup patches. The goal is to include all patches at one point in time to bring all machines running Windows to the same patch level.
Single Security-only Updates
Also starting October 2016, Microsoft will push single Security-only updates to Windows devices. These updates contain all security patches of a given month, but they won't supersede previous security updates.
Microsoft will make them available via WSUS, SCCM and the Microsoft Update Catalog. However, it won't be made available via Windows Update.
This means that the latter change is directed to Enterprise customers and businesses only.
The security-only update will allow enterprises to download as small of an update as possible while still maintaining more secure devices.
Microsoft will update documentation for updates for previous versions of Windows similarly to how it documents the Windows 10 update history.
Patch rollups that contain all updates improve the updating process. All that needs to be done is download a single patch, or two in the case of Enterprise customers, to patch Windows machine fully.
The issue with this approach is that it is no longer possible to remove a faulty patch from a Windows machine. If you know that a certain KB patch is causing issues, you will no longer be able to remove it if rollup patches are installed.
The past has shown that patches may introduce all sorts of bugs, from minor things to systems not starting anymore.
Microsoft did not mention whether patches will still be available for download through other means. It seems likely that they will be made available on the Download Center or via the Microsoft Update Catalog.
This means however more work for users who want to install updates individually on their devices. Third-party software like WSUS may come to the rescue. (Thanks Joe for the tip)
Now You: What's your take on the announcement?