Windows Security Only Update won't include Internet Explorer patches anymore
Microsoft's Nathan Mercer announced new servicing changes for Windows 7 and 8.1 in a new blog post on the Windows for IT Pros site on January 13, 2017.
The company switched to a new update servicing system for Windows 7 and Windows 8.1, and the server operating systems Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2, in October 2016. The company switched from releasing individual patches for security and non-security updates, to a rollup model.
Microsoft released update collections which included all updates instead of individual updates for Windows 7 and Windows 8.1.
Windows users and administrators ran into issues with the new update servicing model for those operating systems right away.
The first issue that users experienced was that the syntax for the updates was confusing. Microsoft releases three servicing updates each month for each of the supported operating systems:
- Security Monthly Quality Update (Monthly Rollup) -- This update includes security and non-security updates for the operating system. It is cumulative.
- Security Only Quality Update -- (Security Only Update) This update includes only security updates. It is not cumulative, and not available through Windows Update.
- Preview of Monthly Quality Update (Preview Update) -- This update includes non-security update previews that Microsoft will release in the next month.
It is easy enough to confuse the monthly rollup update with the security only update because of the naming scheme for these updates.
Microsoft revealed a supersedence issue back in December 2016 then that affected customers using WSUS or Configuration Manager 2007.
The main issue was that the installation of a monthly rollup update would supersede security only updates. This should not have happened, and Microsoft made changes to the system to prevent this from happening in the future.
Microsoft won't provide security only updates to PCs where a monthly rollup from the same month or later month is installed on. This was applied retroactively to all security only updates from October 2016 on.
This is accomplished through an applicability definition on the Security Only update, which checks for the installation of a Monthly Rollup (from the same or later month) to determine if it applicable on the PC. For example, if a PC attempts to install the February 2017 Security Only update, and the February 2017 (or later) Monthly Rollup is already installed, the Windows Update client will now report the Security Only update as not applicable. In addition to simplifying the installation scenario, tools that leverage such applicability for deployment reporting would see the Security Only update as not needed on the PC.
The new change that Mercer announced on Friday excludes Internet Explorer updates from the Security Only update starting with the February 2017 updates.
This means that Internet Explorer updates will be offered as standalone updates from that month onward similar to how Microsoft .NET Framework updates are offered.
The change reduces the size of the Security Only update. It means however that users and system administrators will have to install the Internet Explorer patches separately.
The Monthly Rollup update will include Internet Explorer updates just like before, so nothing changes on this front.Advertisement