X
Business

Windows 10 updates still largely opaque

The details Microsoft provided for the Patch Tuesday updates to Windows 10 are vague and unactionable, but that's usually all we've ever gotten from them.
Written by Larry Seltzer, Contributor

As promised, Microsoft has begun providing release notes on the updates to Windows 10. Terry Myerson, Microsoft Executive Vice President of Windows and Devices, said "starting next month, Microsoft will take a first stab" at providing this documentation. The company's "first stab" at providing information on updates to the user didn't cut very deep.

I was never all that clear on what users were looking for, but I don't feel any better informed by the Windows 10 update history page provided by Microsoft. It consists of a bullet list with a sentence, perhaps even just a sentence fragment, on the purpose of the update. Some examples:

  • Fixed issue that delayed the availability of songs added to the Groove Music app in Windows 10 Mobile.
  • Improved security in the Windows kernel.
  • Improved Silverlight performance.
  • Fixed issue that didn't allow a Windows 10 PC to remotely configure a server.

You can go a step further and examine the KB articles on the Windows 10 cumulative updates, links to which are provided on the update history page: KB3135173 and KB3135174.

These pages have links to other pages with better detail on the updates. For instance, the reference above to security in the Windows kernel probably refers to MS16-013: Security update to Windows Journal to address remote code execution. This is the headline bug of the month, the one that affects all Windows versions and which we told you need to patch pronto.

That bulletin file and its associated KB file have a lot more information on the bug, reported to Microsoft by Rohit Mothe of VeriSign iDefense Labs, and on the update, such as what versions of Windows it affects, prior updates it replaces, whether there are workarounds and the specific files included in the update. This is a lot of information, but there's a lot of information not there too.

All this information has always been there, even for Windows 10. If you wanted to find it you didn't have to look very hard, and the new update history page is only very slightly helpful in finding the information.

And it's worth pointing out that these are only the update details Microsoft has disclosed. It's been clear to me for years that they provide many silent vulnerability fixes.

Microsoft provides separate non-security updates on a different schedule and they never provide any meaningful detail on them. One recent update, issued February 2 and entitled "Compatibility update for upgrading Windows 7" contains as a description: "[t]his update helps Microsoft make improvements to the current operating system in order to ease the upgrade experience to the latest version of Windows." That's it. Very often these updates fix non-security bugs; what were they? It might be useful to know.

Over the years we've gotten a lot more information from Microsoft (and most other vendors) on security fixes, but there's a lot they don't tell us and perhaps it's better that way. The information is only there because enough people demanded it. Nobody's demanding information on the non-security updates and so they tell us nothing. Microsoft is actually more forthcoming with this information than other major vendors, but let's not kid ourselves that they're all that open. They don't say any more than they think they have to.

Editorial standards