Microsoft Explains SCCM's Role in the Windows Update Model
In a new video series, Microsoft details how administrators can manage Windows clients using System Center Configuration Manager (SCCM).
The first installment of the series focuses on the nature of the updates that get released each month for Windows, .NET Framework and Internet Explorer. Steven Rachui, a Microsoft principal premier field engineer, described the update types for both Windows 10 systems and older Windows operating systems. He explained that with Windows 10, Microsoft wanted to move its customers away from selectively choosing which patches to apply each month, which can lead to problems.
Windows 10 updates follow a cumulative model, where a monthly update release contains prior patches. Microsoft kicked off that cumulative update scheme from the beginning with the release of Windows 10. In October of 2016, Microsoft also started implementing a similar approach for Windows 7, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012/R2, Rachui indicated.
Nine update types were identified in the talk:
- Critical Update: a widely released fix for nonsecurity software flaws
- Definition Update: a widely released update to a definitive database
- Drivers: an update to the system that manages hardware
- Security Update: a widely released fix for a software vulnerability
- Service Pack: a between-version cumulative update that largely applies to "legacy" or older software
- Tool Update: an update to a utility software program
- Security-Only Update: an update released each month that contains all of the security updates for that month, but which is not cumulative
- Monthly Rollup: a set of cumulative updates that include both security and reliability updates
- Preview of Monthly Rollup: a tested cumulative set of new quality updates packaged together for distribution in the next month, containing what was included in the prior month, but excluding security updates
Rachui clarified that Microsoft had removed the ability to manage driver updates with SCCM 2012. Later, it added the driver management capability back with the current branch release of the SCCM product, but just for Microsoft Surface devices.
Updates are cumulative for Windows 10 and Windows Server 2016. The updates typically arrive on "update Tuesdays," or the second Tuesday of the month.
Update releases get more complicated for Windows 7, Windows 8.1, Windows Server 2008 and Windows Server 2012/R2 systems. They have "standalone" and "cumulative" patch options. The .NET Framework also has such options. The Internet Explorer browser is notable for just getting cumulative updates, a change that Microsoft instigated on Feb. 27, Rachui said.
A high-level view of Microsoft's update scheme is shown in the following chart:
Organizations patching Windows 7, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012/R2 can apply standalone or cumulative updates. On the standalone side, the Security-Only Quality update is not a cumulative patch. It arrives on update Tuesdays.
One the cumulative side for Windows 7, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012/R2, the Security Monthly Quality update also arrives on update Tuesdays but it's cumulative. There's also a Monthly Quality Preview cumulative update, which is a nonsecurity update that arrives on the third Tuesday of the month for testing purposes.
.NET Framework Updates
Organizations patching the .NET Framework can deploy standalone updates or cumulative updates. On the standalone side, there's a Security-Only Update, which contains all new fixes for that month but which is not cumulative. The Security-Only Update arrives on update Tuesdays.
On the cumulative side for the .NET Framework, there are three updates:
- Security and Quality
- Quality Preview
- Windows 10 Quality
The first one, the Security and Quality Update, includes all new fixes for the month and fixes for the prior month. It arrives on update Tuesdays.
The second one, the Quality Preview Update, includes nonsecurity fixes for the next monthly rollup, and also includes security and nonsecurity fixes for the prior month. It arrives on the third Tuesday of each month.
Lastly, there's the Windows 10 Quality Update for the .NET Framework, which "contains all security and quality updates from the previous rollups plus updates that are released specifically for Windows 10 systems," Rachui explained. The Windows 10 Quality Update for .NET Framework gets released on fourth Tuesday of each month.
Throughout the rest of the presentation, Rachui showed how to filter Windows updates using search within the SCCM management console. IT pros can scroll to see if updates have been superseded within the search list. It's only necessary to deploy the ones that haven't been superseded.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.