Huge Change to Patch Tuesday — IT Admins are Revolting [updated]

Nadella visualizes a monthly rollup

Microsoft to change how older OS installs get updates. From September, it’ll be more like the Windows 10 way of servicing.

So on the next Patch Tuesday, get set for one single rollup update. This means you’ll no longer be able to select the patches that work for you. And that’s a really good thing, because… uhh, reasons.

Well, it certainly makes Microsoft’s life easier, which is good, right? Right? In today’s IT Newspro, IT sysadmins brace for more update uncertainty, patch panic, and Tuesday terrors.

Your humble newswatcher curated these news nuggets for your entertainment. Not to mention: Choreographing success

[Developing story. Updated 7:23 am ET with more comment]

What’s the craic? Mary Jo Foley knows all about how Microsoft will move to monthly patch rollups:

Patches for Windows 7, 8.1, Server 2008 and Server 2012 [will be] single rollups. Microsoft is moving to the same model for the .NET Framework, too.

These rollups will replace individual patches. [They] are going to include both security and reliability patches. [They] will be published to Windows Update, WSUS, SCCM and the Microsoft Update Catalog.

As of October 2016, individual [security] patches will no longer be available. The ultimate goal is for [the] rollups to become fully cumulative.


What if I want just the security patches? Kurt Mackie clarifies that there will be Two Update Types:

There will be two types of monthly releases. A “monthly rollup” and a “security-only update.” The security-only update is not going to be available through Windows Update. [And] organizations won’t be able to get security patches individually.

Organizations looking for individual updates via the Microsoft Download Center won’t find them there. Microsoft [has already] started housing them in the Microsoft Update Catalog.


Cool, so I bet infosec opinionators are happy. Right? As Richard Chirgwin notes, that zero-day is still zero-month:

Farewell to a Patch Tuesday of downloading multiple files. [But] Redmond has decided to kill off individual security patches.

[It] will reduce the chance that an update fails [due to] a dependency on a prior update. Servicing Stack and Adobe Flash won’t be included.


Would you like to “experience” some Redmondian jargon? Microsoft’s Nathan Mercer speaks of simplifying servicing models:

Based on your feedback, today we’re announcing some new changes. Historically, we have released individual patches, which allowed you to be selective. [But] this resulted in fragmentation.

A rollup model [has] a more consistent and simplified servicing experience, greater predictability, and higher quality updates. Getting and staying current will also be easier [and it] will minimize administrative overhead.

Windows Update [and] WSUS will utilize express packages, keeping the download size small. We will also be updating our down-level documentation. The monthly .NET Rollup will deliver updates to the .NET Framework versions currently installed on your machine.

So IT is basically being dragged, kicking and screaming, into Windows 10’s update style? Chris Merriman makes merry, with this epic rant: [You’re fired -Ed.]

Time to grab your indignation sticks and riot. [Microsoft] explained in some blog post blah blah that this is an extension of the ‘Convenience Rollup’ because you’re only a sysadmin and what do you know?

So, after months of Windows 10 sysadmins complaining they weren’t being given the transparency they needed, Microsoft has decided to take the problem away by taking away [the] right to choose.

In other words, fixing Windows 10 by making Windows 7 worse.


What else is new? Novex sounds sorely vexed—Xbox attitudes again:

PCs just aren’t Xboxes. They are used in many different ways [so] updates need to be more finely controlled. And that applies to one-person businesses as well as conglomerates.

I can see businesses simply not installing it. How does that keep those PCs secure?


Yikes. Doesn’t anyone have something nice to say about it? JC Torres obliges, with Windows 7, 8.1 switches to monthly rollup update scheme:

In the past, Microsoft released patches piecemeal, which makes the user’s work more burdensome. Starting October, that all changes. One advantage [is] it will be easy for users to get updates even if they missed a few.


Anyone else? Yes, this guy calling himself Dilbert:

We use SCCM and before it WSUS, and patching Win 7 still takes forever. It literally takes hours and about 4 or 5 reboots [after] an SP1 install. Update detection alone can run for 10 minutes. Win 7 has gotten just as bad as XP was.


Update: Yet more supportive comment. This one from Matthew Steeples:

This dramatically reduces the combinations of patches that will have to be tested, which will mean higher quality. Yes, it means that you’ll be left with an “all or nothing” approach, but done properly it will reduce the possibility of needing to roll back.


But WWPTD? Paul Thurrott says it will Dramatically Improve Windows 7/8.x Servicing:

Windows 7 updating is still very much broken. Now, Microsoft is taking the next obvious step.

Here’s the best part: Each Monthly Rollup will supersede the previous month’s. [So] there will always be only one update required to get your Windows up-to-date.

This is of course what Microsoft should have done in tandem with the development of Windows 10. But it looks like they figured out how to do right by hundreds of millions of customers.

And Finally

Why You Can’t Choreograph Success

You have been reading IT Newspro by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hatemail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE.

Main image credit: Le Web (cc:by)