An insight into two upcoming modifications to the servicing model for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2, reveals that “customers PCs using Windows Update willn’t be impacted, while enterprise customers using update management tools will benefit from these improvements.”
Since October, this new servicing has provided customers a consistent model for staying current and secure—”with new fixes releasing as a Monthly Rollup and a Security Only update on Update Tuesday, and a Preview Rollup on the following Tuesday,” says Microsoft.
The company notes, that “months with no new Windows security or reliability fixes willn’t have a Security Only or Monthly Rollup release.” Similarly, “months with no new reliability fixes to preview willn’t have a Preview Rollup.”
With the Security Only updates modifications outlined below, “enterprise customers using update management tools such as WSUS or System Center Configuration Manager will now have increased flexibility and simplicity in their deployments.” Additionally, “Windows Update users will continue to stay up-to-date through the Monthly Rollups.”
The model is further simplified for the update deployment scenarios with changes include:
Both, Monthly Rollups and Security Only updates available on WSUS and Microsoft Update Catalog, are now published with “Security updates” classification, enabling enterprise customers to sync and deploy both updates per their settings.
To further simply installation and deployment, the servicing model was updated in Dec, with that in place “a Security Only update willn’t be offered, where a Monthly Rollup [from the same or later month] is already installed—which is accomplished through “an applicability definition on Security Only update, which checks Monthly Rollup installation,” —for example, “if an attempt to install February 2017 Security Only update is made, and the February 2017 or later Monthly Rollup is already installed, Windows Update client will now report the Security Only update as not applicable,” explained the WSUS team.
In addition, “tools that leverage such applicability for deployment reporting would see the Security Only update as not needed on the PC.”
Additionally, as of Dec, “Security Only updates from [Oct and Nov. 2016] now leverages this applicability check, so it’s now applicable to all Security Only updates released in the new servicing model.”
Finally, this applicability definition also checks, “the installation of a Preview Rollup from the same or later month,” which also includes the security fixes for that month.
Reducing the Security Only update package size, with starting February 2017, “it will not include updates for Internet Explorer,” and “the IE update will again be available as a separate update for these operating systems.”
Though, this separation will significantly reduce the Security Only update package size, but keep in mind to deploy IE update to remain secure.” Also, note that IE update willn’t install or upgrade to latest supported version of IE “if not already present.”
The Monthly Rollup, however, will continue to include updates for IE, as a single additive update, with “all security and reliability fixes since the beginning of the new servicing model in October 2016.”
To simplify Monthly Rollup installation for users, “new IE update will leverage same installation applicability definition as the Security Only update,” meaning it’ll not install, “if already a Monthly Rollup or Preview Rollup from the same or later month is installed.”
The following table highlights the inclusion and applicability for these updates: