Microsoft Outlines Windows Update Details Coming October 11
Microsoft today offered a few more details about the cumulative update model that will be arriving for all supported Windows systems on Oct. 11.
Oct. 11 will be "patch Tuesday," the day that Microsoft will release its October security updates for its software products. Microsoft actually labels these monthly releases "Update Tuesdays." It also refers to them as "B week" releases, according to an explanation by Michael Niehaus, a Microsoft senior product marketing manager for Windows.
A cumulative update is a collection of software patches that contains all previously released fixes for a product. Currently, Windows 10 follows this monthly cumulative update model. On Oct. 11, Microsoft will subject users of "Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2" to this same monthly cumulative update model. However, the initial cumulative update releases for those products won't quite have all of the fixes included. Microsoft expects them to be fully inclusive "starting in early 2017."
Microsoft has various security update types, which can get deployed depending on an organization's patch strategy. However, the notable change for IT pros managing Windows systems is that the new cumulative update model happening on Oct. 11 will preclude the ability to roll back an individual patch when things go wrong during the monthly update process. Instead, IT pros will have to roll back to the previous month's cumulative update.
Niehaus provided some definitions and timing for the new cumulative update process, as summarized in the following table:
|Security-only quality update
||Monthly (only security patches)
||On "B week" to WSUS and the Windows Update Catalog; accessible via SCCM
|Security monthy quality update (a.k.a the "monthly rollup")
||Cumulative (security plus non-security patches)
||On "B week" to WSUS and the Windows Update Catalog
|Preview of monthly quality update (a.k.a the "preview rollup")
||Cumulative (security plus non-security patches)
||On "C week" to WSUS and the Windows Update Catalog
|Separate updates (e.g., "out-of-band" security fixes)
||Monthly or separate
Table 1. Nomenclature and timing for Microsoft's monthly security updates for supported Windows clients and servers, starting on Oct. 11, 2016. The cumulative updates will start to include all past fixes by early 2017. "B week" represents "patch Tuesday," or releases that occur on the second Tuesday of each month. "C week" represents releases that occur on the third Tuesday of each month. WSUS, Windows Server Update Services; SCCM, System Center Configuration Manager. Source: Microsoft Windows blog post and Enterprise blog post.
Niehaus recommended that organizations have "a ringed deployment approach for all updates" for testing purposes. According to this scheme, the IT department gets the update first, followed by end user test groups. If there's a patch-associated problem, organizations should contact Microsoft Support "as soon as possible," Niehaus indicated.
In response, Microsoft will either roll back the update for the problematic machines or it will install "other updates known to resolve the issue," according to Niehaus. Microsoft also recommends working with independent software vendors (ISVs) to resolve application problems after applying a Windows monthly cumulative update.
Microsoft will have two basic types of security updates each month. One is known as the "security-only" version. The other is labeled as the "monthly rollup." The important point is that the monthly rollup also includes nonsecurity fixes. IT pros do not necessarily need to install both security updates each month, Niehaus explained. However, if an organization just applied the security-only updates, then the computing environment would still need to apply the monthly rollup to get the nonsecurity fixes.
Niehaus also mentioned that Microsoft will offer previews of the next monthly rollup. Those previews get released on "C week," or the third Tuesday of each month.
It's possible to test these monthly preview releases to gain extra time to resolve potential problems in a computing environment, according to expert advice from research and consulting firm Gartner Inc. Generally speaking, there are three Windows 10 update types, namely monthly security fixes, monthly quality updates and feature updates that get released once or twice per year, according to Gartner's analysis.
Microsoft also will release monthly updates to the .NET Framework per the new update scheme. The monthly updates won't upgrade the existing installed .NET Framework version, though. These updates will include both security fixes and reliability improvements. There's also a "security-only" .NET Framework monthly update that's available through the Windows Server Update Services solution or the Microsoft Update Catalog.
Utopia or Patch Apocalypse?
Microsoft's top recommendation for organizations is to just to "install all security and non-security fixes as we release them." It's advice that most IT pros will instinctively resist. However, after Oct. 11, the time-honored method of simply rolling back an individual flawed patch won't be an option for IT pros.
Doubtless, the new patch model coming next week for all supported Windows versions will lead to troubles for organizations. Microsoft's Windows 10 monthly updates haven't been problem free for organizations so far.
It might be quite difficult to get to the kind of patch-and-forget utopia that Microsoft has been trying to get going.