Microsoft adds another option to its complex Windows 10 patching story

[Karlston]

IT pros, take notice: Microsoft is adding yet another set of Windows 10 Cumulative Updates -- ones that don't include security fixes -- to its patching mix.

Microsoft is adding another wrinkle to its already complex Windows as a Service strategy.

 

Microsoft is planning to make one or more additional Cumulative Updates available to Windows 10, starting with the Creators Update (aka Windows 10 1703). Because these Cumulative Updates won't include security fixes, they will be categorized as "Updates" in Configuration Manager and Windows Server Update Services (WSUS), according to Microsoft in an April 24 blog post. Additionally, Microsoft officials caution that the company "may occasionally identify non-security fixes that address more critical issues" which will be labeled as "Critical Updates."

 

Windows for Business users won't have any of these new Updates or Critical Updates installed on any devices that have been marked to defer quality updates, the post notes.

 

With this new addition of non-security updates to the mix, administrators have several options for dealing with them, according to Microsoft officials. They can deploy them on Patch Tuesday; deploy them only to a subset of devices for testing or to devices experiencing issues before the updates are included in the following Patch Tuesday cumulative updates; or don't deploy them at all when they're released, since they will automatically be included in the following Patch Tuesday's cumulative update.

 

Best I can tell from reading this post, Microsoft will continue to provide on Patch Tuesday Windows 10 Cumulative updates that include both security and non-security fixes. (I've asked Microsoft just to be sure; no word back yet.) These combined security and non-security Cumulative Updates will be designated as "Security Updates" in Configuration Manager and WSUS.

 

I'm not really clear on why Microsoft is adding these new non-security updates to its patching mix. Microsoft's official reason is it's for "increased flexibility."

 

Microsoft already has instituted a patch-rollup system for Windows 7, 8.1, and Server 2008/2012 machines that separates security and non-security updates.

 

Any IT pros out there see value in the addition of these Windows 10 non-security Cumulative Updates?

 

In related news, just a reminder that Microsoft won't be updating the original Windows 10 release (aka 1507, released in July 2015) after May 9, 2017.

 

Source: Microsoft adds another option to its complex Windows 10 patching story (ZDNet - Mary Jo Foley)

 

Also Looks like Windows 10 is going to get something like “Group B” (AskWoody.com)

[steven36]

Since I i keep updates blocked when ever I'm not using them I can deploy updates when I fell like it .  For me i see no difference. When a OS 1st comes out I do all the updates witch comes out 2 times a month  and then I cut down too updates too once a month  once they have sorted most of the bugs out. but  now the way there pushing out new versions by time they do get the bugs out the next release of windows will be out a new release every 6 mouths  even if you keep updates blocked  and stay on a old version and install updates with installers   you only can get updates for 18 months tell you're forced to movie  on if you want updates.. The 1st Windows 10's updates expires in  May if anyone is still on it? 

 

On Ubuntu I been doing updates like 2 times a day for different stuff on the release they release every 8 months.  You're lucky if they dont cancel  updates on Windows 10 even though there only like 2 times a month and if lots of regressions start showing up like happen in Redstone 1 I will cut down too just patch Tuesday updates again so they have longer too fix them..  They not big like they use to be if you use AU  but the culminate installers will keep getting larger and larger with each update they are up too over 341.2 MB now for x64

[CrAKeN]

 

The Creators Update will be the only version getting the non-security cumulative update

 

Microsoft rolls out new cumulative updates every month on Patch Tuesday, including here not only security fixes targeting vulnerabilities in Windows 10 and installed Microsoft software, but also OS improvements and other tweaks refining the overall experience.

 

Today, the company announced that it would publish a second cumulative update for businesses running Windows 10 Creators Update, this time including non-security fixes.

 

Microsoft says that although it wants to release one such cumulative update every month (in addition to the security release on Patch Tuesday), there might be cases when more than a single extra cumulative update is shipped, depending on the bugs that it needs to fix.

 

These updates will be listed as “Updates” in WSUS and Configuration Manager, with certain exceptions when critical issues affecting organizations are targeted, so the updates will be flagged as “Critical Updates.”

 

Customers who use Windows Update for Business won’t have these updates installed automatically if options to defer quality updates are in place.

 

You can simply ignore these updates

 

The software giant explains that Windows 10 users getting these updates will be allowed to deploy them just like the updates that are shipped on Patch Tuesday, but at the same time, be provided with options to deploy each of them only to a subset of devices.

 

“This enables the organization to ensure that these new non-security fixes work well, prior to those same fixes being included in the next “Update Tuesday” cumulative update which will be deployed throughout the organization,” the company explains.

 

Additionally, there’s the option not to deploy the updates at all because Windows 10 systems will eventually get the included improvements anyway with the next cumulative updates released on Patch Tuesday.

 

Cumulative updates include all the previously-released patches, so installing the latest version always brings a computer fully up-to-date. Deploying these non-security patches, however, puts users in more control over their patches, letting them address bugs before the monthly Patch Tuesday.

 

Source