Microsoft explains changes to Windows patching

Microsoft has elaborated on the new patching policy for Windows 7 and Windows 8.1 that takes effect Tuesday.

In a post to a company blog accompanied by graphics that resembled a periodic table, Michael Niehaus, a product marketing director for Windows 10, fleshed out the massive change in how Windows 7, the standard in business and the most popular OS on the planet, will be serviced starting with this month’s Patch Tuesday.

Microsoft announced the new plan two months ago, saying then that as of Oct. 11 it would offer only cumulative security updates for Windows 7 and 8.1, ending the decades-old practice of letting customers choose which patches they apply.

Windows 7’s new maintenance model was an organ transplant from Windows 10, which has always relied on cumulative updates that include the contents of all previous releases along with the new fixes. But cumulative also refers to the gestalt of the new updates: They’re entities that cannot be broken into their parts.

Niehaus’ post contained little that had not been disclosed before, either in Microsoft’s August 15 announcement or in the answers to scores of questions from commenters. Instead, Niehaus took pains to specify exactly what each of three new updates will contain, who will have access to each and when the updates will release each month.

There will be three monthly updates, not two as first described, Niehaus said. The third of the trio — which was revealed only in the August announcement’s comment Q&A — will be issued on the third Tuesday of the month. Dubbed “Preview Rollup,” it will contain early versions of the non-security fixes due to ship the following month, along with all security and non-security patches included in prior updates.

Preview Rollup will be issued to all PCs serviced by Windows Update, and offered as an optional update to systems managed by IT administrators using platforms such as WSUS (Windows Server Update Services) and SCCM (System Center Configuration Manager).

Contrary to what Microsoft said two months ago, it now appears that the company will include patches for Internet Explorer 11 (IE11) in the cumulative updates.

Notably, Niehaus’ post addressed the potential of an update crippling PCs, breaking an existing application or workflow, or creating some other kind of chaos. “If any issues are encountered, we recommend stopping or pausing deployment of the update and contacting Microsoft Support as soon as possible,” Niehaus wrote.

For decades, Windows users have been able to apply an individual patch and reject others, or accept most fixes but block one or more that had proved flawed or even dangerous. That long-standing tactic has been invalidated by the conjoined nature of the new updates.

The loss has been among the most debated — and criticized — aspects of Windows 10, where this model originated. IT administrators have voiced the same unease about this week’s change to Windows 7 and 8.1.

“There is a real concern that there will be an issue that because we have to keep the business operational, we will not be able to install the update rollup,” said Susan Bradley, the IT administrator who moderates the PatchManagement.org mailing list, where business IT professionals discuss update tradecraft. “And then as a result, we [will] leave ourselves exposed to risk of attack.”

Microsoft will release the first cumulative updates for Windows 7 and 8.1 tomorrow around 10 a.m. PT (1 p.m. ET).

Source: ARN