reader comments 24
With Windows 10, Microsoft shook up the long-standing Windows patching model. Instead of producing individual hotfixes for each security flaw and infrequent updates to address non-security issues, Windows 10 has two monthly packages. There’s a Security Update—a single update that contains all of a given month’s security fixes—and a Cumulative Update that contains all of the security and non-security fixes for a given version of Windows 10.
Microsoft has also retroactively applied this updating approach to Windows 7 and 8.1; those operating systems also have a third package containing only the Internet Explorer security fixes.
With the Creators Update, Microsoft is now adding another monthly package. Starting with Windows 10 1703 only, the company will also offer a cumulative non-security update. This will contain all the non-security fixes released for a given version.
This is being done to align with the categorizations and policies used in Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM). Because of their security content, the full Cumulative Updates are classified as Security Updates in WSUS and SCCM. The new non-security packages will merely be classed as Updates, or occasionally as Critical Updates, depending on the severity of the issues they fix.
This split packaging (and split classification) should make it easier for organizations to, for example, deploy Security Update very quickly but hold the non-security portion back so that it can be more thoroughly tested and validated. Systems that are set to skip “quality updates” will skip these packages, picking up only the security updates.
Microsoft’s blog post implies, but does not outright state, that these non-security cumulative updates will be published ahead of the Patch Tuesday updates, enabling organizations to test the non-security elements of each month’s fixes ahead of time. And lo, a new Cumulative Update for Windows 10 version 1703 has just been published, and it’s described as a non-security fix. It appears that the update will be automatically delivered and installed on consumer systems, meaning that Windows is going up from one reboot a month to two.