Servicing Model for Windows 7 and 8.1 shifts to Rollup Patches versus Individual Updates

This week Microsoft announced their plans to shift all supported versions of Windows to the same cumulative update process they have been using with Windows 10 since it was released for general availability in July 2015.

This change affects Windows 7 (SP1), Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2 and will go into effect beginning with updates issued in October 2016.

The idea is that a cumulative update contains all previously released patches plus anything new for that current month. This process will include patches for bug fixes, reliability and security issues.

In October, when this process begins, there will be a new monthly rollup that will contain bug fixes, reliability and security patches. That rollup will eventually become 100% cumulative as Microsoft adds all of their previous patches to it and they expect this process to be complete in the next year or so. This also appears to be the patch that will eventually contain all of the past security patches for the above mentioned versions of Windows that are moving to this new servicing model. Each month this rollup patch will be updated to include the latest system patches from the previous month as well.

Also happening in October is a new security focused update that will roll out alongside the monthly rollup described above. It will offer all of the new security patches for that month in a single update instead of individual patches. Then those patches will be rolled into the monthly rollup for November and a new, if necessary, security patch will be issued in November. That cycle will continue month after month keeping the monthly rollup up to date with all necessary patches for that system.

This new process of issuing system a cumulative update each month means that a freshly installed copy of any of these supported versions of Windows will only need to download the latest monthly cumulative update patche in order to be 100% up to date. If you have been testing or using Windows 10 over the last year you have experienced this patching process already as part of the whole Windows as a Service (WaaS) model. In my experience it makes setting up a new Windows 10 system very easy because a year's worth of updates do not have to be downloaded to get the system fully updated. If you have ever tried to a clean install of Windows 7 then you know how slow that process can be even with the new Windows 7 Cumulative Update that was issued earlier this year.

Microsoft will provide the monthly rollup via Windows Update and WSUS using express packages to keep the downloads as small as possible. The monthly security update on the other hand will only be available via WSUS, SCCM and the Microsoft Update Catalog.

As for documenting these new updates, it appears Microsoft might adapt the same model they are currently using for Windows 10 and provide an update history page for each of the supported versions of Windows with links to the appropriate knowledge base articles.

Microsoft says that these changes are about preventing fragmentation and problems such as:

They also state that this new process should result in less overhead for you as a systems admin:

"By moving to a rollup model, we bring a more consistent and simplified servicing experience to Windows 7 SP1 and 8.1, so that all supported versions of Windows follow a similar update servicing model. The new rollup model gives you fewer updates to manage, greater predictability, and higher quality updates. The outcome increases Windows operating system reliability, by eliminating update fragmentation and providing more proactive patches for known issues. Getting and staying current will also be easier with only one rollup update required. Rollups enable you to bring your systems up to date with fewer updates, and will minimize administrative overhead to install a large number of updates."

However, just watching the reaction on social media to this change it is causing a lot of concern for those same system admins that Microsoft wants to help out.

In the past if a specific update was found to be causing problems it could be uninstalled on its own until that patch was fixed but with this new model an entire rolled up collection of patches, either  system or security related, would have to be uninstalled. That in turn could expose those systems to vulnerabilities beyond what that one bad patch was intended for.

When you add to that the recent history of a monthly patch or two causing system issues then this is a valid concern because it could impact a companies users and their ability to accomplish work related tasks.

What are your thoughts on this significant shift in Microsoft's monthly patching strategy?

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

----------------------------------

Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and Devops? Check out IT/Dev Connections!