Jaa


Updated Windows Updating/Servicing Guidance (from Ignite 2015)

Windows servicing; the process of managing updates to Windows, has finally been documented, per the following presentation from Ignite 2015:

Getting Ready for Windows 10: Servicing Windows Client and Server in a Managed Environment Today

If you care about the topic of Windows updating/servicing, this is the presentation for you.  This presentation is all about current Windows (client & server), but NOT Windows 10.  There are some topics discussed for Windows 7 and Windows Server 2008 R2.  Windows 10 strategies were covered at Ignite in other presentations.

NOTE: I want to point out that I am NOT a member of the Windows PG, I am a Platforms PFE in Microsoft Premier Services.  All of the information in this blog post, is what was discussed in the Ignite presentation.  The OFFICIAL bottom line on all these topics will come from the authoritative blog:  Windows for IT Pros .

IMPORTANT:  None of this information changes any guidance on security updates.  Security updates should be applied as soon as possible, within existing change management processes for the enterprise. Microsoft guidance on security updates and other related topics is available at this location:

Microsoft Safety and Security Center

Windows Updates: Categorization Processes

  • Since Windows 8, Microsoft has released updates that are NOT categorized as "Critical" or "Important", those updates are released with status "Optional".  This included most, if not all of the previous monthly Windows 8x/Server 2012x rollups.
  • Optional updates are discovered and installed by a relatively small percentage of users around the world that are Windows Update clients.
  • Keeping the updates as Optional (at first) provides time to discover and correct problems before those updates are promoted to status Recommended or Important.
  • Microsoft would like to have more customers not only try Optional updates as soon as possible, they would like customers to opt-in to the Customer Experience Improvement Program (CEIP) so their computing devices can send telemetry back to Microsoft, including how those update installations went.
  • Having IT Pros and enterprise customers sending telemetry on Windows updates, further aids in evaluating overall product quality with patches.  The enterprise segments are very important with Windows updates because the enterprise environments have different environments than consumer devices, and thus can help uncover issues that may not be discovered otherwise until deployment.

Hotfix Deployment Guidance: Then and Now

  • The text in today’s hotfix KB articles says don't apply this hotfix unless you experience this particular problem. Microsoft is changing the guidance on hotfixes and Optional updates to say “don’t wait to experience blue-screens, hangs, or data corruptions issues if there is a fix available that could correct these today”.  Proactively evaluate available fixes, whether Optional or hotfixes, as those fixes are in fact tested more stringently than in the past. Problems such as bugchecks, hangs, or data corruption, are not problems you should wait to experience.
  • Problems such as bugchecks, hangs, or data corruption, are not problems you should wait to experience.
  • Microsoft is changing guidance to say, "Deploy Hotfixes Proactively", especially bugchecks, hangs, and data corruption, maintaining strict testing standards, etc.
  • Microsoft will be updating hotfix KB articles to reflect Microsoft's updated Windows updating/servicing guidance.

Optional Update Guidance & Other

  • Microsoft would like to get telemetry from Optional updates from IT Pros which will help update quality and be a determinate for promotion to Recommended or Important.
  • Once an update appears in WU as "Recommended", that particular fix has been installed/deployed to millions of Windows devices already, so has been vetted to some degree.
  • Going forward, Windows updates listed as Recommended, Optional, or Important will be published as "one fix, one package".
  • Microsoft wants all customers to proactively install updates to help overall product quality.
  • The bottom line: Microsoft would like customers to proactively install available updates, not just security updates.  For the enterprise, this would mean introducing Optional updates into the change control process as soon as they are released, for eventual rollout to the production computer systems.

What about those Rollups?

  • Rollups are a single package with multiple fixes
  • Up until December 2014, Windows 8x/2012x had "monthly rollups".  At least for now, no more monthly rollups.
  • There may be from time-to-time., cumulative "convenience rollups" (not a technical term).  These provide a way to get current with all fixes by applying one package.
  • Moving forward, HOTFIXES will be published to the Windows Update Catalog (no timeline specified).  Therefore these can be relatively easily ingested into Windows Server Update Services, for enterprise deployment.
  • There WILL BE A ROLLUP FOR WINDOWS 7 & WINDOWS SERVER 2008 R2 (no timeline specified).

That last part if fantastic for those still running Windows 7 and/or Windows Server 2008 R2.

Thanks for reading!

Robert M. Smith, Senior PFE
Microsoft Premier Services

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed
  • Anonymous
    May 19, 2015
    Microsoft offers IT guidance to prepare for Windows as a Service
  • Anonymous
    May 19, 2015
    This article brings up a major source of confusion and headaches regarding Microsoft’s updates.

    The article uses all the Window Update terms: Critical, Important, Recommended and Optional!

    Most of us in the Enterprise are going by the MSRC Severity(Critical, Important, Moderate, or Low) or WSUS/SCCM categories (Security Update, Critical Update, Update, Update Rollup, Service Pack, Feature Pack, Definition Update, Driver)

    If they want more participation, perhaps they should start by standardizing their categories.
  • Anonymous
    May 19, 2015
    Customers would like Microsoft to fully document all available updates offered. Right now there are too many optional updates that are vague in their descriptions and impact.
  • Anonymous
    May 19, 2015
    If MS wants IT pro's to help you, you need to help us. We need fewer patches that require a reboot. Especially on the server side. Windows core does nothing to help. Every month I have to reboot core servers due to updates just like my GUI servers. When windows can install patches without rebooting, then you can abandon patch Tuesday. The strategy to release updates whenever they are available may fly with consumers, but it won't benefit my business desktops and servers!
  • Anonymous
    May 19, 2015
    Agreed, no more restarts. Why don't you have this as a core tenet of the development team?
  • Anonymous
    May 21, 2015
    How will the above apply to those large corporations using SCCM? At some point the "updates" will have a severity ranking to follow..optional / recommended / important etc?
  • Anonymous
    June 18, 2015
    The comment has been removed
  • Anonymous
    July 23, 2015
    “...don’t wait to experience blue-screens, hangs, or data corruptions issues if there is a fix available that could correct these today”. - The logic is flawed: you won't know you need it until your server BSODs and you start Googling it.

    So what is Microsoft doing about efficiently advertising the availability of hotfixes?
  • Anonymous
    January 28, 2016
    Any news on that update rollup for Windows 7/2008 R2?
  • Anonymous
    February 02, 2016
    Or any "convenience updates" for 2012 R2? A brand new system deployed using the latest update rollup from December 2014 has 148 pending important updates when it starts up, which adds significant time to our deployment process.
  • Anonymous
    February 10, 2016
    I agree with the last three replies: Microsoft, please give us:
    * A clear list of available hotfixes.
    * A "Convenience Rollup" for Server 2012 R2, maybe even including the hotfixes.
    * A package to get Windows 7 / Server 2008 R2 quickly up-to-date.