On August 2016, Microsoft announced a new Windows desktop & server servicing/patching model that will be coming soon.
Post-Oct 2016, for each applicable Windows version, every month on the 2nd Tuesday, there will be ONE “Monthly Roll Up of Security & Reliability Patches from both past-and-present” published and ONE “Security Rollup of Patches from this-month-only” published & made available through traditional update distribution mechanisms. Moving forward, individual patches will no longer be available for Windows 7, 8.1, 2008R2, & 2012.
Full details are posted in the announcement at:
There is also a Premier Field Engineer blog post on the matter here:
I have additionally posted a presentation entitled, “Improving Windows Servicing Scenarios”, that provides greater detail on this process for reference. It shows a sample time line of what to expect and it also has an FAQ in there that answers questions like:
- What components are included in rollups?
- What’s in the .NET Framework Monthly rollup?
- Is there any prerequisites for a rollup?
- What is the expected size of the security only update? The monthly rollup?
- Does the Monthly Rollup increase network traffic?
- Is it possible to apply only security updates?
- What if there is an issue with a roll up?
- Do the roll ups included version update of IE & GWX?
Download the presentation below:
- POWERPOINT: “Improving Windows Servicing Scenarios”
Here are some questions I have received about this topic:
Re: “I need more detail about how the roll ups will work on the server side, critical vs important/optional.”
Windows servicing & rollup publishing won’t be any different from servers as from the desktop releases.
- The “Monthly Rollup” will contain both Critical Updates & Recommended Updates (i.e. non-security related patches) per Nathan Mercer at https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-12475.
- Both the “Security-only update” & the “Monthly Rollup” will be released as a RECOMMENDED update on Update Tuesday, the second Tuesday of the month, per Nathan Mercer at https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-12245.
- Note: There will be a 3rd patch rollup that will show up as an OPTIONAL update through all patch distribution facilities (WSUS, SCCM, etc.) on the 3rd Tuesday of each month called the “Monthly Rollup Preview” which will contain all non-security patches to be published in the upcoming month. The upcoming month’s official “Monthly Rollup” will be a combination of 1) The prior month’s “Monthly Rollup Preview” and the current month’s “Security Patches”, per Nathan Mercer at https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-12605 & https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-12595
Re: “What about Office patches (some servers have Outlook for MAPI as well as some installed Office products like Word or Excel)? Are those in the rollups or are there going to be different rollups?”
The blog & the servicing changes only apply to the Windows – more specifically, the Windows releases that are stated below. There is no monthly “singular” Office patch rollups or any change, for that matter, in Office servicing for legacy .MSI installations for Office Professional Plus (2016 or prior releases). Our go-forward servicing model is centered on Office 365 ProPlus – Click-to-Run installations. Nathan Mercer, Windows Product Manager & the writer of the original post, states this at https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-9805
Re: “Do we need to change anything in SCCM to accommodate this new model?”
No. Update Management through SCCM will operate the same way as before… except there will now be TWO patches available to deploy on Patch Tuesday within the SCCM Update console. One representing the “Monthly Roll Up of Security & Reliability Patches from both past-and-present” and one representing the “Security Rollup of Patches from this-month-only”. This is addressed by Nathan Mercer here: https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-12235
Re: “Are there multiple roll ups each months for each type, etc..?”
For each applicable Windows version, there is:
- One “Monthly Roll Up of Security & Reliability Patches from both past-and-present”
- One “Security Rollup of Patches from this-month-only”
Individual patches will no longer be available post-Oct 2016 per Nathan Mercer at https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-8385.
Re: “You list Windows 7, 8, etc… but what about Windows 10?”
Windows 10 already adheres to this servicing model going back to its release in Sept 2015. Please read our documentation for details on Windows 10 Servicing here:
- Introduction to Windows 10 Servicing
The cumulative nature of all Windows 10 releases
It is important to note that, in order to improve release quality and simplify deployments, all new releases that Microsoft publishes for Windows 10 will be cumulative. This means new feature upgrades and servicing updates will contain the payloads of all previous releases (in an optimized form to reduce storage and networking requirements), and installing the release on a device will bring it completely up to date. Also, unlike earlier versions of Windows, you cannot install a subset of the contents of a Windows 10 servicing update. For example, if a servicing update contains fixes for three security vulnerabilities and one reliability issue, deploying the update will result in the installation of all four fixes.