The mechanics of Windows and Office patching — explained in plain English

Topic

New Reply

There’s a lot of confusion about “Week A” / “Week B” bafflegab and what constitutes a Preview. Microsoft’s explanations don’t make much sense. To top
[See the full post at: The mechanics of Windows and Office patching — explained in plain English]

14 users thanked author for this post.

HiFlyer, Pepsiboy, Klaas Vaak, Karlston, lurks about, SueW, OldBiddy, geekdom, Microfix, Bill C., Mr. Natural, WildBill, lmacri, Elly

Reply | Quote

Replies

It’s also a change in how patching used to be.  At one time only the most recent Windows 10 release (Current branch) would get updates twice a month.  Now we are getting two releases for each feature release of Windows 10 per month.  Also they still aren’t properly describing how servicing stack updates factor into all of this (whether or not you need them depending on how you patch).

Remember…this is simple.

Susan Bradley Patch Lady/Prudent patcher

15 users thanked author for this post.

HiFlyer, fk5353, Klaas Vaak, Karlston, lurks about, OldBiddy, BobbyB, Microfix, Bill C., Mr. Natural, WildBill, lmacri, zero2dash, woody, Elly

Reply | Quote

Susan Bradley wrote:

Remember…this is simple.

HA! May I quote you?

(Actually, I started down this path when I saw Crysta’s confusion about “B Week” and Patch Tuesday. It only scratches the surface.)

3 users thanked author for this post.

columbia2011, WildBill, Elly

Reply | Quote

“Be simple” yet it’s anything but.
If this is “simple”, what’s “difficult”?
I’m an IT guru, a SysAdmin. I’m familiar with PowerShell and SCCM. I’ve worked in Enterprise level Windows environments for half a decade. I’m college educated, with a degree and nearly a 4.0.

Their update processes still confuse even me, and practically everyone I have worked with over the years.

“Simple” was the way it was 10 years ago; this, is not “simple”.
Yeah, I get that “times change”, but Linux updating (which once was incredibly difficult), is now ridiculously simple. (And TRULY “simple”.)

Again, if this is what MS thinks is “simple”, then I want to see what they think is “difficult”.
The only way this is “simple” is if you take every update they shoot out, when they shoot it out.

The majority of Win10 users have long been unpaid beta testers; now that they’re going to do a “Managed Desktop”, I think the term fits even more. I bet you will see that they pull updates for their MD customers that have broken unpaid beta tester systems all over the world. Just you wait…

12 users thanked author for this post.

HiFlyer, fk5353, David F, Pepsiboy, Klaas Vaak, lurks about, Mele20, Elly, Karlston, Microfix, woody, WildBill

Reply | Quote

Win7 turn off update services, wsusoffline dot net, v11.1; coz M$ updates in the months after were sabotage.

Reply | Quote

I used to use wsusoffline but you cannot pick and choose updates unless you do some editing.

I run my own cmd files for batch installing servicing stacks, rollups, sec only updates, IE11 and its sec only updates, WMF 5.1, .NET 4.6.2, and then all the tweaks I do in GP (but done via registry so they are batched since I’m not running a domain at home).

wsusoffline is a great tool, but even if you choose the sec only option instead of doing the sec & quality updates – MS has snuck c*** in and I only trust myself at this point to pick and choose updates. I know those guys generally blacklist and remove the bad updates, but there have been times in the past that they didn’t or hadn’t yet.

2 users thanked author for this post.

HiFlyer, Klaas Vaak

Reply | Quote

zero2dash wrote:

I run my own cmd files for batch installing servicing stacks, rollups, sec only updates, IE11 and its sec only updates, WMF 5.1, .NET 4.6.2, and then all the tweaks I do in GP (but done via registry so they are batched since I’m not running a domain at home).

Can those cmd files be shared here? I use WSUS Offline too, but am concerned by what you describe.

1x Linux Mint 19.1 | 1x Linux antiX

Reply | Quote

I wonder if the internal design of the Windows and the Window kernel are part of the patching problem. In Unix and Linux there is a philosophy of having many small, discrete programs that do one thing very well. And you can ‘pipe’ the output of one into another making a daisy chain of programs if necessary. This attitude has shown up in Linux where the kernel, window manager, and desktop environment are very distinct, independent entities that are loosely coupled to each other. Thus it is possible to run different desktops on the same box without much difficulty. Window managers would require more work to switch between, not something most would bother to do. So bugs in a desktop for example tend to be isolated to that specific desktop environment. Patching these bugs should rarely require modifications to the window manager or the kernel. MS has claimed that they could not remove IE from Windows as it would break Windows; thus it is tightly coupled to the OS and bugs in it are reality a form of OS bugs. While in Linux web browsers are standalone applications that can be installed or removed at will. Bugs in the browser, while they may be very serious, are not OS bugs as one could remove that browser if necessary.

1 user thanked author for this post.

HiFlyer

Reply | Quote

I would add here yet another problem: a design where the OS is also wrapped around of a single file whose eventual corruption can cause plenty of grief: the Registry.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

lurks about

Reply | Quote

In Unix and Linux there is a philosophy

It’s called The Unix philosophy:

https://en.wikipedia.org/wiki/Unix_philosophy

Learn, Microsoft, learn!

1 user thanked author for this post.

AlexEiffel

Reply | Quote

Excellent primer for how it should & Used to Be, Woody. Following MS-DEFCON is needed more now than ever as well. 1 & 2, Don’t Touch WU. 3 & 4, be careful & more. 5, patch & that’s No Jive!

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

3 users thanked author for this post.

ZemplinTemplar, SueW, Demeter

Reply | Quote

From @woody ‘s Computerworld article:

Nowadays, newer Win10 versions get three or even four patches, fixes and re-patches per month. Multiply that by three current versions (1703, 1709 and 1803), and there’s a whole lot of Win10 patching going on. It’s a wonder Microsoft can keep all of the balls in the air.

When we first started down this “Wacky” road of Cumulative updates didn’t M$ say it was going to simplify things? One update(s) once a Month, done deal. Or in the case of Win7 8.1 a few but ostensibly simplify the patching process. The reason they gave at the time was that Patches where all over the place using the old Adhoc system. This in effect was to be the “Brave New World” What we have now is a whole plethora of Patches on Patches on Patches of faults, not rectified, but introduced by, strangely enough. Patches i.e. the Win7 NIC episode (did it ever get fixed?) Its worse than the old system ever was alas. Whatever happened to that old Mantra M$ used to espouse about that they were maintaining to many versions, and to many Variants of Products and that it was all going to be streamlined. Hmmm methinks not happening the way things are now obviously.

5 users thanked author for this post.

ZemplinTemplar, HiFlyer, Cybertooth, Elly, woody

Reply | Quote

Four current versions. 1607 is still being “serviced” (if you can call it that) for Education, Enterprise, and LTSB. Then there’s 7, 8.1 and a roughly equal number of server versions.

This, to me, is why they can’t keep up any more. The service on so many versions and the accelerated development is eating them to death. They need to GIVE UP on the 6-month cadence before it kills them.

3 users thanked author for this post.

HiFlyer, fk5353, Cybertooth

Reply | Quote

Five with 1507 LTSB
plus two single Server variants, 2008 & 2012
and the XP POSReady thing

sum of all fears = 10 😀

Reply | Quote

Great article Woody. Everyone needs to keep the heat on Microsoft regarding this situation. I do believe Microsoft is listening after Susan’s email to “he who shall not be named”. Prior to the August office updates my WSUS server had crickets chirping out of it the last few weeks.

Red Ruffnsore

2 users thanked author for this post.

ZemplinTemplar, BobbyB

Reply | Quote

? says:

With Microsoft it has become

to patch or not to patch, that is the question…

using Ubuntu (for me) is Synaptic Package Manager…

Reply | Quote

Woody a great article!

My confusion centers around the multiple Windows 10 updates and how to get them since most of us Windows 10 Pro users have restricted MS ability to download them at will.

This means that we may be without a later released bug patch of a patch.

For example, if we have: Semi-Annual Channel,  Group Policy set at 2, Feature updates at 365 days, and Quality Updates with a 0 days delay; we will receive the second Tuesday of the Month cumulative update (which are usually hidden via wushowhide awaiting Defcon 3 or more).

However, from then on, it is my experience, that the subsequent bug fix updates released on the third and forth weeks (or whenever) do not appear in Wupdate.

This presents a dilemma as what to do when Defcon goes to 3, as the only update available to install is the original hidden update that has had bug fix KB’s released during the month, but which are not available via WUpdate to install.

If we wait for the next second Tuesday of the month cumulative update, it will contain all of the previous month, but then we need to hide and wait on that one, and the process starts over.

So how do we handle Window 10 updates when more than the second Tuesday of the month updates are released?

We may, in fact, be facing this situation regarding the July updates.

1 user thanked author for this post.

HiFlyer

Reply | Quote

PK?  Susan? Woody? Bueller?

Anybody have an answer to this Windows 10 Update question?

Reply | Quote

From the Computerworld article: “Microsoft hasn’t released a significant new feature for Win7 or 8.1 for at least a few years. Other than bug fixes, time zone changes and the like, the only non-security modifications we’ve seen are designed to increase telemetry.”

And I am so glad of not getting “new features”. When I want to get them, I always find something elsewhere and install it myself, without MS “help”. As to telemetry: one does whatever one can by practicing good Internet and personal computer hygiene. But in today’s world it is an inescapable fact of life that any Tom, Dick or Harry can have your SSN, home address and telephone number just for the asking, not to mention your present geographic coordinates, if you are not too careful. In ages gone by, a person so spied upon would have the means to find and confront the spies in person and give them a good thrashing. Now days, that option is pretty much unavailable. Unfortunately, some resignation to fate is, therefore, in order.

That said, I must confess that having Windows 7 and patching myself Group-B style seems to get me into much less trouble and bother than those using Windows 10 or patching as Group A. And except for the occasional annoying inconvenience of dealing with a re-patch issued by MS later in the month, my experience has been pretty good, so far. And now am fully patched trough July (except for .NET, — and for the rollups, that I never install). Of course, Win 7 runs out of steam on January of 2020, and options will have to be found and adopted by then. I already have a Mac, and it might well be that there is also a Mac in my future (fate, again?). We’ll see.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

6 users thanked author for this post.

David F, Pepsiboy, OldBiddy, Demeter, Karlston, Bill C.

Reply | Quote

Well at this rate, there won’t be enough Tuesday’s in a month and a month won’t be long enough to fix them..

Is this not where the Group A / B patching starts to crack? (then a sinkhole appears)

If debian is good enough for NASA...

1 user thanked author for this post.

BobbyB

Reply | Quote

How come I suddenly hear “Gloomy Sunday”??

1 user thanked author for this post.

lurks about

Reply | Quote

Not quite that suicidal yet, getting close though.

Reply | Quote

In my experience, Group B is still doing quite well, except for the odd inconvenience now and then. No crack ups in sight, or sinkholes. But, although no one would have imagined this before, in the early years of the XXI Century, we are being watched keenly and closely by (artificial) intelligences greater than man’s and yet as mortal as his own. From their distant abode in Redmond. So one never knows. (With apologies to HGW.)

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

HiFlyer, wdburt1

Reply | Quote

Not a problem young @Microfix according to @woody ‘s article:

Microsoft has been trying to recast the Gregorian calendar

It would appear M$ maybe releasing a Patch to fix that lol 😉

2 users thanked author for this post.

Cybertooth, Microfix

Reply | Quote

Microsoft has been trying to recast the Gregorian calendar

So: now MS has a confidential deal with the majority in the Vatican’s College of Cardinals concerning the election of the next Pope: His Holiness Satya Nadella the First.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

HiFlyer, BobbyB

Reply | Quote

Thankfully the above described mess will all go away once Microsoft implements the “Windows Managed Desktop” solution…

Reply | Quote

Microsoft believes that system problems are not the result of their patching errors, their testing methodology or their own unstable hardware and software products – it’s the user, the developers, the third party mystery vendor, the IT moron, business partner products, all non-MS security software, peripherals, government interference and of course the competitors that ate their lunch. If all these irritants would just go away all would be as it should.

Mushroom management, a term used to describe the running of a company where the communication channels between the company executives and the customer do not exist. The term alludes to the stereotypical view of mushroom cultivation: “Kept in the dark and periodically given a load of manure” – slightly edited by me.

3 users thanked author for this post.

ZemplinTemplar, Pepsiboy, Cybertooth

Reply | Quote

Another possibility is “magic mushroom management.” Or, considering that medicinal weed is legal in Washington State, some people at Redmond might need to have their dosage adjusted. But, as it is not unheard of very busy people, senior managers at Redmond might be skipping their regular checkups and tests. Please, let’s show a little more understanding for them and also let’s have a little less complaining here!

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

ZemplinTemplar

Reply | Quote

I doubt anything will change until Windows 10 gets more business adoption.

Microsoft will have to listen to those paying monthly rents. Not doing so would be to bite the hand that feeds them.

And earlier Windows version users will just continue getting more of the same. Serves the impudent wretches right for not upgrading to Windows 10!

Or, as I’m so fond of saying, Microsoft will only start to listen to its users when their senior management is replaced by Cortana. 🙂

 

Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

3 users thanked author for this post.

HiFlyer, OscarCP, WildBill

Reply | Quote

Every day is patch day.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Microfix wrote:

Well at this rate, there won’t be enough Tuesday’s in a month and a month won’t be long enough to fix them.

 

Red Ruffnsore

Reply | Quote

Love that term bafflegab – it seems to cover just about everything to do with the patching process. The A week/B week sequence sounds like something a company payroll would use to keep paydays in order.

2 users thanked author for this post.

HiFlyer, Karlston

Reply | Quote

OscarCP wrote:

But, although no one would have imagined this before, in the early years of the XXI Century, we are being watched keenly and closely by (artificial) intelligences greater than man’s and yet as mortal as his own. From their distant abode in Redmond. So one never knows. (With apologies to HGW.)

I prefer to think of it as the eye of Sauron…

2 users thanked author for this post.

HiFlyer, BobbyB

Reply | Quote

Klaas Vaak wrote:

Can those cmd files be shared here? I use WSUS Offline too, but am concerned by what you describe.

I uploaded them to PasteBin so you can copy and paste from there and save your own copies.

install updates and ie11: https://pastebin.com/qbNV1MiT
install dot net and wmf: https://pastebin.com/gTj3HSxs
win7 tweaks: https://pastebin.com/kEp0TED8

Basically I have a dir of all the .msu files and .exe’s; most of these you can get from the Windows Update Catalog, just search for them by the KB#. Put the scripts in the same folder, and then right-click and run as Admin. On a fresh install of 7, I run “install updates and ie11” first, then the “install dot net and wmf”, and then finally, the “win7 tweaks”. I REM or ECHO comment everything that is done, so you can see what is going on (and know they’re not malicious in any way).

Feel free to pass these along to others or use them as you see fit. 🙂

3 users thanked author for this post.

HiFlyer, Jan K., Klaas Vaak

Reply | Quote

@zero2dash: many thanks for that.

1x Linux Mint 19.1 | 1x Linux antiX

Reply | Quote