Microsoft is ending the pick-and-choose patching in Windows 7 and 8

Microsoft yesterday announced that beginning in October it will offer only cumulative security updates for Windows 7 and 8.1, ending the decades-old practice of letting customers choose which patches they apply.

“Historically, we have released individual patches … which allowed you to be selective with the updates you deployed,” wrote Nathan Mercer, a senior product marketing manager, in a post to a company blog. “[But] this resulted in fragmentation where different PCs could have a different set of updates installed leading to multiple potential problems.”

Instead, only cumulative security and performance updates will be offered. “Individual patches will no longer be available,” Mercer said.

The new maintenance model for Windows 7 and 8.1 was a direct transplant from Windows 10, which has always relied on cumulative updates that include the contents of all previous releases along with the new fixes.

But cumulative also refers to the gestalt of Windows 10 updates: They’re entities that cannot be broken into their parts.

When Windows 10 debuted, Microsoft made it clear that updates were all-or-nothing. Customers — those who had a choice; consumers did not — had to accept the whole or forgo patching. Users could not apply one individual patch and reject others, or, more likely, accept most fixes but block one or more that had proved flawed and sometimes even dangerous.

The cumulative update practice has now been extended to Windows 7, Windows 8.1, and versions of Windows Server up to 2012 R2.

Part of the new practice had been mentioned earlier. In May, when Microsoft released a roll-up for Windows 7 — essentially a second “service pack” — the firm also said that all non-security bug fixes for Windows 7 and 8.1 would soon start appearing in monthly cumulative updates. At the time, Microsoft did not hint that it would expand the policy to security patches as well.

Starting in October, still-supported versions of Windows, with the exception of Vista, will be offered only cumulative packages. One of those packages will bundle security and non-security fixes, while the other will be security patches only.

Customers who receive patches and bug fixes via Windows Update — the consumer-grade maintenance service — will automatically get the security/non-security cumulative update; they will not have a choice. However, businesses deploying updates using Windows Server Update Services (WSUS), System Center Configuration Manager (SCCM) or the Update Catalog download site may pick between the security-only and the combined security/non-security updates.

“The security-only update will allow enterprises to download as small of an update as possible while still maintaining more secure devices,” Mercer said.

Mercer touted the change to the Windows 10 model as a boon to customers, ticking off benefits ranging from fewer updates to reduced scanning time. “The outcome increases Windows operating system reliability by eliminating update fragmentation and providing more proactive patches for known issues,” Mercer contended.

Not everyone has been happy with Windows 10’s update scheme. For more than a year, some, including IT administrators, have criticized the cumulative approach as inflexible. “We need the ability to delay or hide damaging updates that impact the computing experience, have undesirable side effects such as blue screens of death, or reduce the functionality to attached devices,” stated a public plea to Microsoft published last year on Change.org that asked the company to change its practices.

Microsoft also implied that starting in October it will document Windows 7 and 8.1 updates in the same cryptic fashion it now reserves for Windows 10. “To bring consistency to the release notes model introduced with Windows 10, we will also be updating our down-level documentation to provide consolidated release notes with the rollups for all supported versions of Windows,” Mercer said.

The Redmond, Wash. company has pushed customers to adopt Windows 10, and the changes to the maintenance model of Windows 7 and Windows 8.1, particularly the former, which is the standard in the enterprise, could be viewed as another step in the upgrade campaign. By eliminating the more flexible — but admittedly fragmented — pick-a-patch practice of Windows 7, Microsoft removes a reason for sticking with the older OS until it’s nearer retirement.

Windows 7’s and 8.1’s first cumulative updates should appear Oct. 11, that month’s Patch Tuesday.

Source: ComputerWorld