Microsoft in 2016 changed the way it rolls out updates for Windows 7 and Windows 8.1, leaving many IT admins and users confused. Here's how to sort out what the company is doing.
By Gregg Keizer
Senior Reporter, Computerworld
It's been more than a year since Microsoft ended the decades-old practice of letting customers choose which patches they apply, and instead instituted a cumulative update maintenance model for Windows 7 and its shadow-of-a-sibling, Window 8.1.
And yet some users still don't grasp the new scheme.
"There are plenty of people who don't know which kind of update they should use," Chris Geottl, product manager with client security and management vendor Ivanti, said in a recent interview. "'Which one should I do? What non-security features are included in the monthly rollup? There's still some confusion."
No wonder there.
Microsoft asked for a lot last year. It asked enterprise IT administrators to upend ingrained patching practices. It asked them to make radical changes to how they maintain Windows 7 deep into its lifecycle, when there were just three years and change remaining before retirement, a phase most admins probably thought they'd be coasting as they prepped for Windows 10. It asked customers to absorb new terminology. And it changed the rules more than once after the new process debuted.
In return, users had questions - ans still do. The top query may seem among the simplest - what's the difference between the two types of Windows 7 updates now offered - but as Computerworld found out, appearances are deceiving.
What's in the security-only update? Just as the name implies, this update includes only security-related fixes, the kind that Microsoft has issued for 14 years on the second Tuesday of each month (aka "Patch Tuesday").
Just as important, though, is that the security-only update contains this month's fixes, and nothing more. (Again, that characteristic is what has defined Windows patches for years.)
What's in the monthly rollup? The Windows 7 and 8.1 monthly rollups include not only this month's security patches, but also all past security and non-security fixes, going back to at least October 2016, and possibly further. In other words, a monthly rollup is a superset of the month's security-only.
Side note: "Rollup" is a term Microsoft has used for ages to label catch-up updates, those that bring a program or operating system up to current status by bundling all past fixes. (Usually from a specific point in time, say, the last major release, which in the past were called "service packs" and abbreviated to "SP" as in "SP1" to designate the first such collection.)
Microsoft has touted rollups as a customer convenience, because they allow a long-out-of-date PC to be made current with just one download and install, rather than being forced to retrieve scores, maybe hundreds, of individual updates. That's exactly how the company described what it dubbed the "Windows 7 SP1 convenience rollup" it issued in May 2016.
"Install this one update, and then you only need new updates released after April 2016," Microsoft said at the time of the convenience rollup, which preceded and presaged the monthly rollups announced three months later.