Microsoft Explains Its Windows 10 Patching Process
In response to public requests for a primer on Microsoft's monthly update servicing for Windows 10, John Wilcox, a contributor to the Microsoft Tech Community, recently shared some details of the company's update release process.
Wilcox's explanation came in an Aug. 1 blog post, published on the heels of an open letter to Microsoft by Susan Bradley, a Microsoft Most Valuable Professional and moderator of the Patchmanagement.org listserv for IT pros. Bradley conducted informal surveys that found broad discontent with Microsoft's Windows patch release approach among both the public and IT pros.
According to Wilcox, IT pros should pay most attention to the second Tuesday of each month, which Microsoft calls "update Tuesday." On those Tuesday delivery dates, Microsoft issues the most important releases, although it has three other possible delivery milestones each month where patches could get delivered, and it has so-called "out-of-band" patch releases that could appear at any point.
"As an IT professional, you should have an established process and plan to ingest Update Tuesday releases each month," Wilcox stated. He also clarified that new features don't arrive on update Tuesdays, which appears to be new information from Microsoft:
"For Windows, Update Tuesday is the most important monthly service event. This quality update does not include new features; instead, it serves to enhance system stability and security. We develop and test these updates quickly to minimize the impact of a vulnerability should one be made public, and they should be installed as soon as possible once released."
Microsoft's monthly update cycle description has altered slightly from how it was described almost two years ago. Here's a new approximation of the monthly update cycle in table form, which was recompiled based on Wilcox's comments:
| Security-only update for deployment | Monthly (contains security patches only) | On "B week" to WSUS and the Windows Update Catalog; accessible via SCCM |
| Security and quality update for deployment with no new features (a.k.a. the "monthly rollup") | Cumulative (security plus non-security patches) | On "B week" to WSUS and the Windows Update Catalog |
| Preview of monthly quality update for testing, mostly for older Windows systems (a.k.a. the "preview rollup") | Cumulative (non-security patches only) | On "C week" to WSUS and the Windows Update Catalog |
| Preview of monthly quality update for testing (a.k.a. the "preview rollup") | Cumulative (non-security patches only) | On "D week" to WSUS and the Windows Update Catalog |
||Monthly or whenever needed
Revised description of Microsoft's monthly updates for supported Windows clients and servers. Cumulative updates contain past fixes previously released and new fixes. "B week" represents "update Tuesday," or releases that arrive on the second Tuesday of each month. "C week" is reserved for test releases that arrive on the third Tuesday of each month. "D week" is reserved for test releases that arrive on the fourth Tuesday of each month. WSUS, Windows Server Update Services; SCCM, System Center Configuration Manager. (Sources: Microsoft Windows blog post and Enterprise blog post, as modified by comments in this Aug. 1 Microsoft Tech Community post.)
A new element described by Wilcox is that the C and D week updates are reserved for nonsecurity patches only, and that they are intended for testing by IT pros. Moreover, these updates don't need to be deployed by IT pros.
"In most cases, 'C' and 'D' releases do not need [to] be deployed to your broader ecosystem," Wilcox clarified.
In addition, C week appears to be carved out by Microsoft for updating "older versions of Windows 10 (as well as supported versions of Windows 7 and Windows 8.1)," according to Wilcox's description. He added that most nonsecurity releases happen in D week. Apparently, D week releases are intended for previewing Windows 10 updates that will be arriving in the next month.
No "A" week releases were described. It's possible, though, that such releases are part of Microsoft's monthly update plan in some way. For instance, Bradley commented in Wilcox's post that "we've also had some Windows 10 fixes released on the A week."
Microsoft follows basic principles with its patch approach. One of them is to make things simple and predictable. IT pros "shouldn't have to memorize multiple release schedules," Wilcox suggested. He also suggested that Microsoft is committed to being transparent with patch details by releasing "simple release notes." And Microsoft aims to release updates that don't compromise "quality or compatibility."
In the comments section, Bradley offered a contrary view, noting last month's problematic patch release.
"The month of July was a study in NOT being simple," Bradley wrote. "The cumulative updates were not cumulative. Also in the last several months the release of the C and D patches have been very inconsistent. Sometimes we've had them released on Tuesday, other times it's been Wednesdays or Thursdays."
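As an added example (not from Microsoft or the original article), this Python sketch turns the B, C and D week definitions from the table caption into a classifier for release dates, and flags releases that land in a lettered week but not on its Tuesday. It assumes a lettered week runs from its Tuesday through the following Monday and that the article's July 10 falls in 2018; the other sample dates are constructed.

```python
from datetime import date, timedelta

TUESDAY = 1  # date.weekday() counts Monday as 0


def nth_tuesday(year, month, n):
    """Return the date of the n-th Tuesday (n >= 1) of a month."""
    first = date(year, month, 1)
    offset = (TUESDAY - first.weekday()) % 7
    return first + timedelta(days=offset + 7 * (n - 1))


def release_weeks(year, month):
    """Map B, C, D to the 2nd, 3rd and 4th Tuesday, as the caption defines."""
    return {letter: nth_tuesday(year, month, n)
            for letter, n in (("B", 2), ("C", 3), ("D", 4))}


def classify(release_day):
    """Return (week, on_tuesday) for a release date.

    Assumption: each lettered week spans its Tuesday plus the next six days.
    Dates outside every B/C/D window are 'other' (out-of-band or earlier).
    """
    # A D-week window can spill into the next month, so the previous
    # month's windows are checked as well as the current month's.
    prev = release_day.replace(day=1) - timedelta(days=1)
    for y, m in ((release_day.year, release_day.month), (prev.year, prev.month)):
        for letter, tuesday in release_weeks(y, m).items():
            if tuesday <= release_day < tuesday + timedelta(days=7):
                return letter, release_day == tuesday
    return "other", False


def off_schedule(release_days):
    """Return the dates that are not on a B, C or D Tuesday."""
    return [d for d in release_days if not classify(d)[1]]


# Constructed sample dates, except July 10 (year assumed to be 2018).
SAMPLE = [date(2018, 7, 3), date(2018, 7, 10), date(2018, 7, 19),
          date(2018, 7, 24), date(2023, 3, 2)]

if __name__ == "__main__":
    for day in SAMPLE:
        week, on_tuesday = classify(day)
        print(day.isoformat(), week, "Tuesday" if on_tuesday else "off-Tuesday")
```
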
Microsoft uses telemetry and artificial intelligence to deliver updates to the Windows machines that can tolerate them. However, things do go wrong. Microsoft's July 10 update Tuesday patches adversely affected organizations running SQL Server, as well as Skype and Exchange Server. Additionally, applications using .NET Framework had problems.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.