Next week, on Oct. 11, Microsoft will begin patching Windows 7, 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 in a new, previously announced way.
The coming changes are big, welcomed by some, and feared by others. Microsoft's record of releasing faulty patches has more than a few admins wondering if the convenience of patch rollups will be worth the trade-off.
A rollup is simply multiple patches rolled together into a single update. These rollups will replace individual patches for the above-mentioned versions of Windows and Windows Server. Each monthly rollup will supersede the previous month's rollup. The ultimate goal is for these monthly rollups to become fully cumulative, which will happen as the team adds patches released in the past, so users need only to install the latest single rollup.
In today's blog post, Microsoft officials said the company will be releasing the following starting next week:
1. A security-only quality update, which will include all new security fixes for that month, will be published only to Windows Server Update Services (WSUS) and used by Configuration Manager and the Windows Update Catalog.
2. A security monthly quality update (also known as the "monthly rollup") that will contain all new security fixes for a month (the same ones in the security-only quality update), plus fixes from all previous monthly rollups. This one gets published to Windows Update for consumer PCs, WSUS, and the Windows Update Catalog.
3. A preview of the security monthly quality rollup (also known as the "preview rollup") that will contain a preview of new, non-security fixes that will be in the next monthly rollup, plus fixes from all previous monthly rollups. The security-only quality update will be on Patch Tuesday (or "B" week in Microsoft parlance).
The security monthly quality rollup (aka monthly rollup) will also go out on Patch Tuesday (or "B" week). And the preview of the security monthly quality rollup (aka preview rollup) is coming on the third Tuesday of the month, known as "C" week. There will also be .NET Framework monthly rollups and Internet Explorer updates going out simultaneously.
Admins are going to have a couple of choices as to how to handle these updates. Microsoft's preference, not too surprisingly, is that admins install all the security and non-security updates as Microsoft releases them. Another option: admins install all security fixes, but no other fixes, or they install all security updates as they're released by Microsoft and only some non-security fixes.
The real question on many admins' minds is what happens if an update causes an issue. Microsoft's recommendation is for companies to always implement a "ringed" deployment approach for updates: first, installing them among the IT organization, then to one or more pilot groups, and finally one or more broader development groups to contain potential damage, the blog post notes.
Guess we'll find out starting next week how this new rollup patching plan goes....