Microsoft To Change How It Updates Windows 7/8.1 and Server 2008 R2/2012 Starting In October
Microsoft is making changes to how it delivers updates to Windows 7 SP1 and Windows 8.1, and also Windows Server 2008 R2 and 2012 and the impact will be felt by every IT Pro. Starting in October of 2016 and onward, Windows will be releasing a single monthly roll-up that will address both security and reliability issues in a single update.
This new update model will be delivered via Windows Update and the Microsoft Update Catalog. Much like Windows 10, each update will supersede the previous month’s release which means that there will always only be one update that you need to download to patch your system. The company says that they will also retroactively add prior patches too so that these monthly updates eventually become fully cumulative; it may take a year or more for the process of previous patch inclusion to be completed.
Also starting in October, the company will release a single security-only update as well. This update will combine all the security patches and bundle them together for a single release but unlike the monthly roll-up, the security-only update will only include patches for that month. These updates will be available to download from WSUS, SCCM, and the Microsoft Update Catalog.
What this means is that individual patches will no longer be available and that to patch your system, you must accept all the releases for the month in the single patch. The company will be changing their documentation as well to match the style introduced with Windows 10 to provide consolidated release notes with each roll-up.
This change is rather significant and considering that Microsoft has released a few bad patches in the past couple of years that have broken fundamental features of Windows, this change in update style may not sit well with IT Pros.
The new update process begins in October and it will be interesting to see how IT shops adjust to the new update style and cadence. On one hand, it will become easier to provision a new machine and get it all patched but the downside is that you do lose some control over the selective flexibility of installing individual patches on your network.