Microsoft desperately needs to simplify its patching process, but the latest change to how it rolls out updates for Windows 10 adds little to the mix except more confusion.
Earlier this week Microsoft patching honcho Michael Niehaus published details of . His article left me —I didn’t see much, if anything, that was new.
The heart of Niehaus’ announcement goes like this:
We are making some adjustments to the updates that we are releasing for Win10, version 1703… we will routinely offer one (or sometimes more than one) additional update each month. These additional cumulative updates will contain only new non-security updates, so they will be considered “Updates” in WSUS and Configuration Manager… For those using Windows Update for Business, these new “Updates” and “Critical Updates” will not be installed on any devices that have been configured to defer quality updates.
He goes on to say that this week’s Windows 10 Creators Update patch, (build 15063.250) is “the first of these non-security cumulative updates for Win10 1703.”
mailing list, columnist for , a Microsoft MVP, and the most plugged-in admin patcher I know. Here’s what she says:
Once again Microsoft is reacting to customer requests to change how they roll out updates to Windows 10. But this latest announced change… in my opinion… It’s just an acknowledgement that their process to get feedback through telemetry tells them what they need in order to fix the operating system.
When the 1607 update was released, we received updates to that platform about once a week. That’s right if you received the 1607 update when it was first released in July of 2016, you rebooted about once a week until the 1607 release finally settled down in the November time frame and started only getting rebooted once a month. So when Microsoft indicated in this recent posting that “based on feedback from customers” they are making this change… I would challenge that statement. This is merely fixes to fix an operating system that is getting a slow rollout to make sure that they find issues.
In fact this rollout is so slow, I have yet to see a 1607 Windows 10 machine that has received 1703 through Windows Update. Everyone I know who has received 1703 did so by requesting the update, either from the opt in process, or through the ISO download process. Microsoft isn’t releasing the media to their Enterprise customers (the volume license version) until May 1st. So for businesses, we’re still being urged to hold back and not rollout the 1703 release until the operating system gets a few more fixes.
But bottom line I don’t see this new announced patch as anything other than normal bug fixes for a recently released feature release. On my WSUS server I can opt to install them just like any other Windows 10 cumulative update. They include all fixes to date. But this newly announced change doesn’t change how I’m deploying Windows 10:
- I still have machines that I consider test machines on the latest feature release: currently 1703.
- I have my production machines on what is the current CBB release: Currently 1607.
- I have no machines on the original RTM version and if I had any computers on the 1511 version (the first feature update) I would be in the process of upgrading them to 1607.
So for me, this is business as the new usual with Windows 10: Expect any computer on a recently released feature update to be rebooted. A lot.
I posed a question to Neihaus about how this new approach differs from the Windows Insider “Release Preview” ring. He said:
The “Release Preview” Insider ring will get these same updates, but earlier in the process before they are published broadly to Windows Update, WSUS, and the Windows Update Catalog.
That’s the point where my head-scratching started drawing blood. I get that the Win10 updating cycle is different from the Win7/8.1 updating cycle. But I don’t see how the “new” Win10 updating cycle is substantially different from the old.
With Win7 and 8.1, we get:
- Monthly Security-only patches
- Cumulative Monthly Rollups
- Previews of the nonsecurity part of the next month’s Monthly Rollup
With Win10 we now get:
- Two levels of beta test versions (Insider Program Fast and Slow rings)
- Previews of the nonsecurity part of the next Cumulative Update (Insider Release Preview ring)
- Sporadic nonsecurity patches (which apparently contain the security part of the preceding cumulative update)
- Cumulative updates (which contain both the preceding nonsecurity patches and the latest security patches)
Could someone explain to me how we could make this any more complicated?
To me, KB 4016240—this week’s cumulative update for Win10 Creators Update and the first patch under the “new” regime—is essentially identical to , the third-week patch for Win10 Anniversary Update. If there’s something new, I don’t get it.
Microsoft desperately needs to simplify the patching process. We need something that doesn’t require a decoder ring, a secret handshake, and a . Evanesco!
You should be able to explain Windows patching to a five-year-old. Or a CEO.
Tell me what I’ve missed on the .