New Windows 7 and 8.1 patches usher in the future of rollup updating

[Karlston]

It remains to be seen whether Microsoft's new experiment with non-security patch rollups will work

Yesterday Microsoft released a massive set of updates for Windows 7. Strip away the politics, and KB 3125574 stands in as Windows 7 Service Pack 2. (If Microsoft released a "real" Service Pack, one would expect an extension to the Windows 7 end of support date.)

 

As part of that announcement, Microsoft engineer Nathan Mercer promised us a change in the way non-security patches for Win7 and Win8.1 would be released:

Non-security updates for Windows 7 SP1 and Windows 8.1 (as well as Windows Server 2008 R2 SP1, Windows Server 2012 and Windows Server 2012 R2) will be available as a monthly rollup (fixes rolled up together into a single update).  Each month, we will release a single update containing all of the non-security fixes for that month.  We are making this change -- shifting to rollup updates, to improve the reliability and quality of our updates. These fixes will be available through Windows Update, WSUS, and SCCM as well as the Microsoft Update catalog.  We hope this monthly rollup update simplifies your process of keeping Windows 7, and 8.1 up-to-date.

Right on cue, last night Microsoft released its first monthly rollup of patches for Windows 7 and Windows 8.1. You probably woke up to a new set of patches in Windows Update. On your Windows 7 systems, you should see these optional, unchecked, patches:

 

• KB 3123862: Updated capabilities to upgrade Win7 and 8.

 

This is version 3 of the same patch that was released on Feb. 3 and again on Feb. 9. As I explained in February, it's a mystery patch that "ties into Windows 10 upgrades through means unknown." A lengthy Reddit diatribe sheds much heat but no light on the patch, and I couldn't find any official details. KB 3123862 first appeared on Feb. 3 as an optional, unchecked patch. A week later it turned into a "recommended" checked patch, meaning it installed itself on computers with Automatic Update enabled. No idea if the same fate awaits users with this version.

 

It's worth noting that earlier incarnations of this patch obeyed Microsoft's GWX-blocking registry settings. My tests show that this version follows Microsoft's rules of engagement as well. Running GWX Control Panel neutralizes pushy Get Windows X behavior. If you decide to install this optional patch, and you don't intend to upgrade to Windows 10 any time soon, it would behoove you to run GWX Control Panel and nip any Win10 aspirations in the bud.

 

• KB 3125574: Convenience rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP1.

 

Microsoft told us yesterday that this "convenience update" wouldn't roll out through Windows Update. ("[It] is completely optional; it doesn't have to be installed and won't even be offered via Windows Update -- you can choose whether or not you want to use it.") This morning there appears to be a change of heart.

 

I've installed KB 3125574 on a couple of test machines, and can verify that the GWX Control Panel blocking registry settings are honored. There's no GWX icon in the system tray, no GWX scheduled programs, no bloated hidden folders. KB 3125574 appears as a single entry in my update history, although I haven't yet taken the plunge to uninstall it.

 

What concerns me most about KB 3125574 is that we don't have a definitive list of which KB patches are included in the uber-patch.

 

As described in Mercer's TechNet blog post, KB 3125574:

Contains all the security and non-security fixes released since the release of Windows 7 SP1 that are suitable for general distribution, up through April 2016.  Install this one update, and then you only need new updates released after April 2016.

Which brings me to:

 

• KB 3156417: May 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.

 

This is the first of the new breed of non-security patches. According to the KB article, it includes just two fixes, KB 3155039 and KB 3155218, both of which are relatively benign. As of early Wednesday morning, the KB articles for those two fixes aren't available.

 

I installed KB 3156417 on a test machine and found that only the rollup envelope patch, KB 3156417, appears in the list of installed updates. That may present a problem, because neither KB 3155039 nor KB 3155218 can be uninstalled individually. You either remove the whole rollup -- both individual patches -- or leave it intact.

 

There's also a tag-along patch:

 

•  KB 3139923: MSI repair doesn't work when MSI source is installed on an HTTP share in Windows.

 

It looks like this one was released separately -- outside of KB 3156417 -- because it applies to both Win7 and Win8.1. I guess the update rollup concept still has a few idiosyncrasies.

 

The Windows 8.1 patches released include KB 3123862 and 3139923, described earlier, as well as:

 

• KB 3156418: May 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.

 

This patch is odd because there was no previous massive rollup, and it isn't clear if you have to install all previous Win 8.1 patches prior to this one. KB 3156418 contains three patches "for Home users" and 19 "for IT professionals," all of which are listed individually in the KB article.

 

This new approach to non-security patches will no doubt prove divisive. What if one of the component pieces of an update rollup crashes some systems? What if one of the components includes suspected "snooping" or "Win10 update" components that some Win 7 or 8.1 customers don't want?

 

At this point, we just don't know.

 

Quality will be key. If the rolled-up patches all work flawlessly, those with tinfoil hats (including me) can figure out how to cope with the fallout. But if there's a bad patch in a rollup, life's going to get very complicated, very quickly.

 

Do the math. If there's a 0.01 percent chance of any individual patch going haywire, and you stick 10 or 20 patches together in a rollup, what are the chances the whole rollup rolls over and plays dead?

 

Source: New Windows 7 and 8.1 patches usher in the future of rollup updating (InfoWorld - Woody Leonhard)

 

[vibranium]

KB3125574 has fewer details than a service pack KB. But you may want to read this:

 

Spoiler

 

Prerequisites

To apply this update, you must install Service Pack 1 for Windows 7 or Windows Server 2008 R2 (KB976932) and April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2 (KB3020369).

 

 

 

Spoiler

 

More information

 

We intentionally did not include any specific post-Service Pack 1 updates in convenience rollup 3125574 for which the following conditions are true:

• They don’t have broad applicability.
• They introduce behavior changes.
• They require additional user actions, such as making registry settings.

You may download and install such fixes manually after you determine whether they apply to your deployment scenarios. Specifically, the following fixes are not included in this convenience rollup:

2620264 You cannot start any RemoteApp applications through a Windows Server 2008-based or later Terminal Server or RD Gateway
2646060 An update that selectively disables the Core Parking feature in Windows 7 or in Windows Server 2008 R2 is available
2647954 The PIN dialog box does not appear or you are presented with all the certificates in the store when you try to access a WebDAV server in Windows 7 or in Windows Server 2008 R2
2663685 Changes that are not replicated to a downstream server are lost on the upstream server after an automatic recovery process occurs in a DFS Replication environment in Windows Server 2008 R2
2695321 IPsec session takes 5 to 6 minutes to connect to a storage controller on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
2727994 You cannot open or save Office 2010 documents on a WebDAV file server on a computer that is running Windows 7 or Windows Server 2008 R2
2728738 You experience a long logon time when you try to log on to a Windows 7-based or a Windows Server 2008 R2-based client computer that uses roaming profiles
2750841 An IPv6 readiness update is available for Windows 7 and for Windows Server 2008 R2
2752259 An update that improves the performance of the Printbrm.exe command-line tool in Windows 7 or in Windows Server 2008 R2 is available
2891144 Application does not draw polylines correctly when you run it through an RD Session in Windows Server 2008 R2 SP1
2898851 Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014
2907020 "Location is not available" error when you access a mapped network drive after Windows standby or resume
2918833 Third-party IMEs give users unprotected access to your Windows 7-based or Windows Server 2008 R2-based system
2923766 Black screen when you plug in a monitor on a computer or open a lid of a laptop that is running in Windows
2925489 You cannot establish an IPsec connection with certain third-party devices in Windows
2990184 A FIPS-compliant recovery password cannot be saved to AD DS for BitLocker in Windows 7 or Windows Server 2008 R2
2781512 - WinRM operations to Hyper-V fail on a Windows 7 SP1-based or Windows Server 2008 R2 SP1-based computer that has Windows Management Framework 3.0 installed
2823180 - Update is available for Windows Management Framework 3.0 in Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2
2802886 - You cannot register an SPN from a Windows 7, Windows 8, Windows Server 2008 R2 or Windows Server 2012-based client computer in a disjoint namespace
2842230 - "Out of memory" error on a computer that has a customized MaxMemoryPerShellMB quota set and has WMF 3.0 installed
2887064 - The Start-Process cmdlet ignores the "-Wait" parameter when the cmdlet is started remotely on a Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Vista SP2, or Windows Server 2008 SP2 computer that has Windows Management Framework 3.0 installed
2889748 - High memory usage by the Svchost.exe process after you install Windows Management Framework 3.0 on a Windows-based computer
2830615 - $MyInvocation.MyCommand object is set to null when you run the script by using PowerShell 3.0 in Windows 8 or in Windows Server 2012

 

This convenience rollup also does not include any of the servicing updates for Internet Explorer. If you require the servicing updates for Internet Explorer, download and install the latest Security update for Internet Explorer.

 

 

 

For convenience, go to direct download links for KB3125574-V4
32-bit

64-bit

 

[luisam]

After I installed Windows 7 SP1 update, somehow the update procedure got blocked, got no results even after 2 - 3 hours of searching.

Took me some time of research to find out how to install KB3020369 and then the rollup update for Windows 7 SP1; the trick is stopping Windows Update service before starting the installing procedure.

Actually, once installed this update pack, the updating issue of Windows 7 was solved.