Posted by: kurtsh | September 15, 2016

NEWS: Upcoming changes in Windows 7/8.1 & WinSvr 2008R2/2012 servicing (i.e. How patches will be distributed)

On August 2016, Microsoft announced a new Windows desktop & server servicing/patching model that will be coming soon.

Post-Oct 2016, for each applicable Windows version, every month on the 2nd Tuesday, there will be ONE “Monthly Roll Up of Security & Reliability Patches from both past-and-present” published and ONE “Security Rollup of Patches from this-month-only” published & made available through traditional update distribution mechanisms.  Moving forward, individual patches will no longer be available for Windows 7, 8.1, 2008R2, & 2012.

Full details are posted in the announcement at:

There is also a Premier Field Engineer blog post on the matter here:

imageI have additionally posted a presentation entitled, “Improving Windows Servicing Scenarios”, that provides greater detail on this process for reference.  It shows a sample time line of what to expect and it also has an FAQ in there that answers questions like:

  • What components are included in rollups?
  • What’s in the .NET Framework Monthly rollup?
  • Is there any prerequisites for a rollup?
  • What is the expected size of the security only update?  The monthly rollup?
  • Does the Monthly Rollup increase network traffic?
  • Is it possible to apply only security updates?
  • What if there is an issue with a roll up?
  • Do the roll ups included version update of IE & GWX?

Download the presentation below:

Here are some questions I have received about this topic:

Re: “I need more detail about how the roll ups will work on the server side, critical vs important/optional.”

Windows servicing & rollup publishing won’t be any different from servers as from the desktop releases.

Re: “What about Office patches (some servers have Outlook for MAPI as well as some installed Office products like Word or Excel)? Are those in the rollups or are there going to be different rollups?”

The blog & the servicing changes only apply to the Windows – more specifically, the Windows releases that are stated below.  There is no monthly “singular” Office patch rollups or any change, for that matter, in Office servicing for legacy .MSI installations for Office Professional Plus (2016 or prior releases).  Our go-forward servicing model is centered on Office 365 ProPlus – Click-to-Run installations.  Nathan Mercer, Windows Product Manager & the writer of the original post, states this at

Re: “Do we need to change anything in SCCM to accommodate this new model?”

No. Update Management through SCCM will operate the same way as before… except there will now be TWO patches available to deploy on Patch Tuesday within the SCCM Update console.  One representing the “Monthly Roll Up of Security & Reliability Patches from both past-and-present” and one representing the “Security Rollup of Patches from this-month-only”.  This is addressed by Nathan Mercer here:

Re: “Are there multiple roll ups each months for each type, etc..?”

For each applicable Windows version, there is:

  • One “Monthly Roll Up of Security & Reliability Patches from both past-and-present
  • One “Security Rollup of Patches from this-month-only

Individual patches will no longer be available post-Oct 2016 per Nathan Mercer at

Re: “You list Windows 7, 8, etc… but what about Windows 10?”
Windows 10 already adheres to this servicing model going back to its release in Sept 2015. Please read our documentation for details on Windows 10 Servicing here:

The cumulative nature of all Windows 10 releases

It is important to note that, in order to improve release quality and simplify deployments, all new releases that Microsoft publishes for Windows 10 will be cumulative. This means new feature upgrades and servicing updates will contain the payloads of all previous releases (in an optimized form to reduce storage and networking requirements), and installing the release on a device will bring it completely up to date. Also, unlike earlier versions of Windows, you cannot install a subset of the contents of a Windows 10 servicing update. For example, if a servicing update contains fixes for three security vulnerabilities and one reliability issue, deploying the update will result in the installation of all four fixes.


%d bloggers like this: