Microsoft yesterday announced that beginning in October it will offer only cumulative security updates for Windows 7 and 8.1, ending the decades-old practice of letting customers choose which patches they apply.
"Historically, we have released individual patches ... which allowed you to be selective with the updates you deployed," wrote Nathan Mercer, a senior product marketing manager, in a post to a company blog. "[But] this resulted in fragmentation where different PCs could have a different set of updates installed leading to multiple potential problems."
Instead, only cumulative security and performance updates will be offered. "Individual patches will no longer be available," Mercer said.
The new maintenance model for Windows 7 and 8.1 was a direct transplant from Windows 10, which has always relied on cumulative updates that include the contents of all previous releases along with the new fixes.
But cumulative also refers to the gestalt of Windows 10 updates: They're entities that cannot be broken into their parts.
When Windows 10 debuted, Microsoft made it clear that updates were all-or-nothing. Customers -- those who had a choice; consumers did not -- had to accept the whole or forego patching. Users could not apply one individual patch and reject others, or more likely, accept most fixes but block one or more that had proved flawed and sometimes even dangerous.
The cumulative update practice has now been extended to Windows 7, Windows 8.1, and versions of Windows Server up to 2012 R2.
Part of the new practice had been mentioned earlier. In May, when Microsoft released a roll-up for Windows 7 -- essentially a second "service pack" -- the firm also said that all non-security bug fixes for Windows 7 and 8.1 would soon start appearing in monthly cumulative updates. At the time, Microsoft did not hint that it would expand the policy to security patches as well.
Starting in October, still-supported versions of Windows with the exception of Vista, will be offered only cumulative packages. One of those packages will bundle security and non-security fixes, while the other will be security patches only.
Customers who receive patches and bug fixes via Windows Update -- the consumer-grade maintenance service -- will automatically get the security/non-security cumulative update; they will not have a choice. However, businesses deploying updates using Windows Server Update Services (WSUS), System Center Configuration Manager (SCCM) or the Update Catalog download site, may pick between the security-only or the combined security/non-security updates.
"The security-only update will allow enterprises to download as small of an update as possible while still maintaining more secure devices," Mercer said.
Mercer touted the change to the Windows 10 model as a boon to customers, ticking off benefits ranging from fewer updates to reduced scanning time. "The outcome increases Windows operating system reliability by eliminating update fragmentation and providing more proactive patches for known issues," Mercer contended.
Sign up for CIO Asia eNewsletters.