By Peter Bright
Individual security fixes are out, combined packages are in.
Microsoft is switching Windows 7 and Windows 8.1 to a cumulative update model similar to the one used by Windows 10. The company is moving away from the individual hotfix approach it has used thus far for those operating systems.
One of the major differences between Windows 7 and 8.1 on the one hand and Windows 10 on the other is what happens when you run Windows Update. Microsoft’s two older operating systems usually need to fetch a handful of individual patches each month. If a system hasn’t been patched for a few months, this can require dozens of individual fixes to be retrieved. In the case of a clean installation, that number can reach the hundreds.
Windows 10, on the other hand, has perhaps one or two updates released each month. A single cumulative update incorporates not just all of the newest security and reliability fixes, but all the older fixes from previous months, too. If a system isn’t updated for a few months or has had its operating system freshly reinstalled, the scenario of having hundreds of individual fixes never occurs. Windows 10 just grabs the latest cumulative update and, with that one package, is more or less up-to-date.
The situation for Windows 7 improved a little back in May. That’s when Microsoft announced that a patch rollup containing all the patches released after Service Pack 1 was to be released. This rollup would cover several hundred individual updates, greatly reducing the time taken to get a Windows 7 system up-to-date.
Today’s announcement indicates that Microsoft is going to go further down this path.
October 2016’s Patch Tuesday will see the release of the first Monthly Rollup for Windows 7 and 8.1. This will be a single package delivering all of the security and reliability improvements released that month. The rollup will be delivered through Windows Update (WU), Windows Server Update Services (WSUS), and System Center Configuration Manager (SCCM). Subsequent months will have new Monthly Rollups, and these will be cumulative, incorporating the content of all previous Monthly Rollups.
Initially, these Monthly Rollups will only contain new patches released from October 2016 onward. Over the next year, Microsoft says that it will extend them to go back in time, slowly integrating all the patches released since the last “baseline.” Although not specified, this presumably means Windows 7 Service Pack 1 and Windows 8.1 RTM.
Once the integration is complete, installing the latest Monthly Rollup should be all that’s needed to bring a Windows 7 or 8.1 system up-to-date, with a couple of exceptions: Adobe Flash has separate patches, and so does the Windows servicing stack itself. As such, a fresh Windows installation might need a couple of individual patches to get the Windows Update components updated. But from then it’ll be able to fetch and install a single rollup to make it fully patched.
Microsoft will also create security-only updates that include all the security fixes released each month, without any reliability or feature changes. These updates won’t be cumulative. They will only be offered via WSUS and SCCM; WU users won’t see them.
What Microsoft won’t be doing after October, however, is shipping the individual hotfixes any more. Fixes will only be available through the Monthly Rollup or security-only update. This means that the ability to pick and choose individual fixes to apply will be removed; they’ll be distributed and deployed as a single all-or-nothing proposition. Microsoft argues that this will improve patch and system reliability. The company only tests configurations where every update is applied (with hundreds of individual updates, it’s simply not possible to test all the individual combinations that a user might choose). This means that users and organizations that cherry-pick their updates and only install a subset of the patches that ship each month are actually using configurations that Microsoft itself has not tested. Combining the updates should mean that end-user systems are closer to Microsoft’s tested configurations.
The new policy should also reduce the time Windows Update takes to run, as systems will have to be checked for the presence of fewer patches.
Going forward there will also be an equivalent patching regime for the .NET Framework. WU and WSUS will both distribute a Monthly Rollup of security updates and reliability improvements, with a security-only update offered to WSUS alone. The corresponding server operating systems—Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2—will also move to the same rollup model as the desktop platforms will use.