What is the most unpleasant aspect of life for a Windows admin, which, if ignored, can lead to much bigger problems? Undoubtedly, patch management. Making sure every machine in the environment has the latest patches installed can sometimes turn out to be an IT admin’s worst nightmare. Administrators using previous versions of the Windows Update model (prior to Windows 10), often faced several hiccups while identifying and mitigating vulnerabilities in Windows and its application set. Thankfully there’s a better way to manage patches now: Windows 10 cumulative updates.
Traditional Windows Patching Model
Before Windows 10, Microsoft released individual patches—both updates and fixes—on the second Tuesday of each month, popularly known as “Microsoft Patch Tuesday.” Admins found the patch model difficult to work. They had to process several Windows updates each month, test hundreds of possible update combinations, and carefully select updates that met their organization’s needs. Ultimately, the traditional Windows patching model often led to update fragmentation, with different PCs having different set of updates installed.
Windows 10 Patching Model
Microsoft never fails to provide users with solutions to Windows Update issues. With Windows 10, Microsoft introduced a simpler update system, with one comprehensive update package release each month. The all-in-one, cumulative monthly updates include all Windows fixes (security and non-security) and supersede the previous month’s updates. This approach simplifies the process of updating and clean installing Windows 10.
i) Feature updates are released two or three times per year. As their name suggests, these updates add new features to Windows 10 on a regular basis, rather than every three to five years.
ii) Quality updates are released monthly, delivering both security and non-security fixes. These are cumulative, so installing the latest quality update applies all the available fixes for a specific Windows
10 feature update.
To further simplify the update process, the Windows 10 update model introduced three servicing branches: Current Branch (CB), Current Branch for Business (CBB), and Long-Term Servicing Branch (LTSB). Each branch provides different levels of flexibility, allowing administrators to choose how often they want their devices updated. The bottom line is all Windows 10 update releases published by Microsoft will be cumulative.
Patch model for previous versions of Windows
Finding this shift to monthly rollup updates in the Windows 10 update model easier and more consistent, Microsoft announced changes to servicing models for older operating systems as well, including Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
A rollup is simply multiple patches rolled together into a single update. Microsoft now offers monthly rollups that includes both security and reliability patches. Each month’s rollup will supersede the previous month’s, thereby requiring only one update for Windows PCs to stay current. Users can install monthly rollups from servicing tools such as WSUS, SCCM, and the Microsoft Update Catalog.
Managing and deploying monthly rollup updates can also be done using Desktop Central patch management. Monthly rollups are categorized under “Rollups” in Automate Patch Deployment (APD), while security-only rollups are categorized as “Security updates” and patched like other security updates. Note that this new option is available for build 92098 and above. Click here to learn more about other applications supported in Desktop Central’s patch management feature.