Win7 and 8.1 to get cumulative updates

[Karlston]

Hard to believe, but starting in October, we won’t have the luxury of vetting patches before they’re dumped.

 

Nathan Mercer on TechNet:

 

Based on your feedback, today we’re announcing some new changes for servicing Windows 7 SP1 and Windows 8.1. These changes also apply to Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2…

 

From October 2016 onwards, Windows will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update. The Monthly Rollup will be published to Windows Update (WU), WSUS, SCCM, and the Microsoft Update Catalog. Each month’s rollup will supersede the previous month’s rollup, so there will always be only one update required for your Windows PCs to get current. i.e. a Monthly Rollup in October 2016 will include all updates for October, while November 2016 will include October and November updates, and so on. Devices that have this rollup installed from Windows Update or WSUS will utilize express packages, keeping the monthly download size small.

 

Over time, Windows will also proactively add patches to the Monthly Rollup that have been released in the past. Our goal is eventually to include all of the patches we have shipped in the past since the last baseline, so that the Monthly Rollup becomes fully cumulative and you need only to install the latest single rollup to be up to date. We encourage you to move to the Monthly Rollup model to improve reliability and quality of updating all versions of Windows.

 

We are planning to add these previously shipped patches over the next year and will document each addition so IT admins know which KBs have been included each month.

 

Also from October 2016 onwards, Windows will release a single Security-only update. This update collects all of the security patches for that month into a single update. Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month. Individual patches will no longer be available.

 

Devil’s advocate: If you can no longer control what Microsoft puts on your Win7 or 8.1 machine, is there any reason to avoid Windows 10?

 

Devil’s second advocate: How can companies cede this kind of control to MS?

 

Source: Win7 and 8.1 to get cumulative updates (AskWoody.com - Woody Leonhard)

[steven36]

LOL i guess they will install  telemetry on Windows 7 and 8.1  now Windows  10 style  so much for being  a better choice ..the only way to escape Microsoft's Wrath will be to never do updates or leave windows all together .

[OrbingStorm]

1 minute ago, steven36 said:

LOL i guess they will install  telemetry on Windows 7 and 8.1  now Windows  10 style  so much for being  a better choice ..the only way to escape Microsoft's Wrath will to never do updates or leave windows all together .

Yep. They must of had a bet in Microsoft to see how many people they could piss off in less than a year.The clincher would be if it included advertising for their products as well.

[Sylence]

1 hour ago, steven36 said:

LOL i guess they will install  telemetry on Windows 7 and 8.1  now Windows  10 style  so much for being  a better choice ..the only way to escape Microsoft's Wrath will be to never do updates or leave windows all together .

 

if it was up to you we all gotta forget Windows and go to Linux, lol still don't wanna come out of the underground you live in?

[straycat19]

3 hours ago, steven36 said:

LOL i guess they will install  telemetry on Windows 7 and 8.1  now Windows  10 style  so much for being  a better choice ..the only way to escape Microsoft's Wrath will be to never do updates or leave windows all together .

 

Guess they figured they were screwing windows 10 users with all the faulty cumulative updates so they should spread the shit around to  7 and 8.1 and screw them up also.  But, SURPRISE, I quit installing updates in May 2015 in both 7 and 8.1.  And guess what, all my  systems are running stable, no malware, no hacks, no BSOD, no crashes, and NO BAD UPDATES to worry about.  Guess there is more than one way to beat Microsoft.  Oh, yeah, my linux systems are running nicely too, thank you.

[Karlston]

18 minutes ago, straycat19 said:

I quit installing updates in May 2015 in both 7 and 8.1.  And guess what, all my  systems are running stable, no malware, no hacks, no BSOD, no crashes, and NO BAD UPDATES to worry about.  Guess there is more than one way to beat Microsoft.

 

Yep. After the September Win 7 and 8.1 updates are claimed to be safe, I'll update those systems and then their Windows Update Service gets disabled.

 

M$ will probably have to update the Windows Updater thingy to handle poisoned-food-hampers cumulative updates so perhaps if those update(s) are rejected we can continue with sensible discrete updates.

[Bausch]

Telemetry has already been pushed for Windows 7 and 8 in previous updates. Microsoft is likely closing the gap between its systems to force reluctant users to migrate to Windows 10.

[SPECTRUM]

lol guys, telemetry exist since Windows XP.

 

or don't you remember error reporting ?

 

telemetry is not spy.

[vissha]

Farewell Patch Tuesday Fragmentation: From October, MS Will Roll Just One Monthly Patch

 

 

Downside: that zero-day is still zero-month

 

As of October, users of Windows 7, Windows 8, and various server products can farewell a Patch Tuesday of downloading multiple files: Microsoft is implementing the monthly patch rollup it promised in May.

 

At the same time, however, Redmond has decided to kill off individual security patches, something that might not please sysadmins. Instead, a monthly security-only rollup will collect “all of the security patches for that month into a single update”.

 

The basic idea is this: instead of individual patches for each platform, for Windows 7.1 SP1, Windows 8, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2, there'll be a single set of updates.

 

The monthly rollups will include security patches and bug fixes, and each month's update will include the previous month's. That will reduce the chance that an update fails because it's got a dependency on a prior update (which, as Microsoft's Nathan Mercer writes in the announcement, can often mean hunting for a file that's hard to find).

 

“From October 2016 onwards, Windows will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update,” Mercer explains, adding that the updates will use express packages to keep the download as small as possible.

 

Servicing Stack and Adobe Flash won't be included in the rollups.

 

Source

[Batu69]

Topic moved from Security & Privacy News forum & merged.

[BimBamSmash]

The only thing that concerns me of this whole cumulative strategy is that in the aftermath of some botched update finding its way to these larger cumulative packs (and let's face it, it usually has less to do with missing dependencies, like they claim it to be), one either removes the the whole suite or wouldn't install the thing in the first place. Still the cat will be out of the hat: Info on what the patch was trying to fix will be out in the wilds and them hacker folks could exploit it while Redmond is busy with making a new fix. That ain't gonna make anything or anyone more secure.

[Ryrynz]

Maybe it's just me, but I prefer my systems to have less issues rather than more.

[steven36]

6 hours ago, SPECTRUM said:

lol guys, telemetry exist since Windows XP.

 

or don't you remember error reporting ?

 

telemetry is not spy.

You remember XP Anti Spy ?  So there's been programs  to block Microsoft Spying  since XP . Therefore many would disagree with you .that care about there privacy

http://xp-antispy.org/en/download/

Windows Customer Experience Improvement Program (ceip) did not exist tell Windows Vista ..Microsoft knows many people hate it already  but they keep testing everyone .

https://technet.microsoft.com/en-us/library/cc766341(v=ws.10).aspx

 

Anything that gathers my data and uses my internet without my permission is a spy and ends up blocked with with my firewall and/or other tools or it is uninstalled .

I dont even open my browser without masking my ip even because most of the internet are spies.

 

If Microsoft didn't think people seen it as a problem  why did they  put opt out switches in Windows 7 and Windows 8 to began with? Many other programs have a opt out that collect data too.

https://pubs.vmware.com/view-51/index.jsp?topic=%2Fcom.vmware.view.administration.doc%2FGUID-BE82165B-13BC-4FD9-A9CF-FBEF6343D98A.html

It suppose to be  voluntary for Windows 7 and Windows 8.1 users  and every since  they made GWX  and put it in Windows 7 they violated there contract with there users.  But this is data that in the background  you can't see  they can take it a step further even  and use it to put adverts  you can see in Windows 7 and Windows 8.1. like Windows 10 has.  You can try to justify M$ dumb shit if you want this only shows  you care more about Microsoft than you're brother .

 

I use windows 10 after all  I block error reporting  and other stuff  in the registry and with my Firewall  and  When Im on Windows 7 or Windows 8.1  if it calls home i will treat it no different but really if all of them are data harvesting  machines what reason would  they be too stay on and old O/S other than maybe you have old software that dont run on Windows 10?. This is a slick move on there part  but also could cause more to leave for other OS that's not windows

 

[steven36]

58 minutes ago, Ryrynz said:

Maybe it's just me, but I prefer my systems to have less issues rather than more.

Windows 7 or Windows 8.1 want never get any more new features,  people have been using these O/S for years with little or no problems .There time proven unlike windows 10.

 

With all the ceip and insiders and everything else Microsoft has it dont cause Windows 10 to have less issues  Redstone one is full of them . As long as Microsoft keeps pushing people on new builds of windows two  times a year windows 10 will remain full of them .Sooner or latter people will grow tired of it and revolt  after Windows botches there PC so many times.

 

From what i  know about patches there much better  than cumulative updates because when Microsoft sends you a botched update that fouls up you're PC you can uninstall  that one update and hide it tell they fix it .  And they sent out bad updates on all Windows before .

[Jordan]

Microsoft to push all-in-one Windows updates

 

Microsoft announced yesterday that it plans to change how patches for previous versions of the company's Windows operating system are made available.

The change affects all client and server versions of Windows prior to the release of Windows 10: Windows 7 SP1 and Windows 8.1 on the client side, Windows Server 2008 R2, Windows Server 2012 and 2012 R2 on the server side. Vista, as usually, is not included in anything anymore.

Microsoft plans to release a monthly rollup patch that includes security and reliability patches in a single update. Additionally, the company plans to ship all security updates of a given month as a single update package as well.

Why Microsoft makes the change

 

Microsoft started to distributed so-called Convenience Rollup updates for Windows 7 SP1, and monthly rollups for non-security updates for Windows 7 SP1 and Windows 8.1 in May 2016.

Based on customer feedback, and Microsoft's own analysis of the update situation on Windows, the company decided to change the current model further.

According to Microsoft, this resolves several of the issues that customers and businesses face when dealing with updates for Windows machines.

Historically, we have released individual patches for these platforms, which allowed you to be selective with the updates you deployed. This resulted in fragmentation where different PCs could have a different set of updates installed leading to multiple potential problems:

• Various combinations caused sync and dependency errors and lower update quality
• Testing complexity increased for enterprises
• Scan times increased
• Finding and applying the right patches became challenging
• Customers encountered issues where a patch was already released, but because it was in limited distribution it was hard to find and apply proactively

Microsoft aims to make the updating process on Windows "more consistent" by introducing the changes.

Windows Update changes in detail

 

Starting October 2016, Microsoft will release a single Monthly Rollup that includes security and reliability patches in a single update.

It will be pushed to Windows Update, WSUS, SCCM and the Microsoft Update Catalog.

Newer rollups supersede previous ones, as they include all the patches they contained. Microsoft notes that express packages will be used to keep download sizes small for devices that have these rollups installed from Windows Update or WSUS.

The company plans to integrate other patches, released previously, to these Monthly Rollup patches. The goal is to include all patches at one point in time to bring all machines running Windows to the same patch level.

Single Security-only Updates

Also starting October 2016, Microsoft will push single Security-only updates to Windows devices. These updates contain all security patches of a given month, but they won't supersede previous security updates.

Microsoft will make them available via WSUS, SCCM and the Microsoft Update Catalog. However, it won't be made available via Windows Update.

This means that the latter change is directed to Enterprise customers and businesses only.

The security-only update will allow enterprises to download as small of an update as possible while still maintaining more secure devices.

Microsoft will update documentation for updates for previous versions of Windows similarly to how it documents the Windows 10 update history.

Closing Words

Patch rollups that contain all updates improve the updating process. All that needs to be done is download a single patch, or two in the case of Enterprise customers, to patch Windows machine fully.

The issue with this approach is that it is no longer possible to remove a faulty patch from a Windows machine. If you know that a certain KB patch is causing issues, you will no longer be able to remove it if rollup patches are installed.

The past has shown that patches may introduce all sorts of bugs, from minor things to systems not starting anymore.

Microsoft did not mention whether patches will still be available for download through other means. It seems likely that they will be made available on the Download Center or via the Microsoft Update Catalog.

This means however more work for users who want to install updates individually on their devices. Third-party software like WSUS may come to the rescue. (Thanks Joe for the tip)

 

SOURCE

[WALLONN7]

1 hour ago, jordan4x said:

The issue with this approach is that it is no longer possible to remove a faulty patch from a Windows machine. If you know that a certain KB patch is causing issues, you will no longer be able to remove it if rollup patches are installed.

 

There was a time when it was believed in the importance of observing the past to not make the same mistakes and strengthen the arrangements...

The past no longer seems to exist for Microsoft...

[Karlston]

12 hours ago, steven36 said:

With all the ceip and insiders and everything else Microsoft has it dont cause Windows 10 to have less issues  Redstone one is full of them .

 

Yep. The much vaunted Windows Insider programme to test updates and reduce toxic updates is a dismal failure.

 

No WIndows Insiders run Avast? Avast has posted an update to solve BSODs on Windows 10 AU.

 

No Windows Insiders run Kaspersky products? Kaspersky have announced that some of their products have problems with Windows 10 AU.

 

No Windows Insiders boot from SSD and have data on other drives? Microsoft have acknowledged that combination to cause serious problems with Windows 10 AU.

 

And now the Microsoft thugs want to inflict the problematic bundled update methodology on Windows 7 and 8.1 users. Probably payback for the ~1 billion who so summarily rejected the Windows 10 "upgrade".

[Karlston]

The InfoWorld article by Woody...

Starting in October, patches will be cumulative and Win7/8.1 customers will effectively cede control of their PCs to Microsoft

Windows 7 and 8.1 have had a good run, but that's about to come to a close. According to new guidelines, Microsoft will start rolling out Windows 7 and 8.1 (as well as Server 2008 R2, 2012, and 2012 R2) patches in undifferentiated monthly blobs. The patches will be cumulative, which eliminates the need to exercise judgment in selecting the patches you want. At the same time, though, the new approach severely hampers your ability to recover from bad patches -- and it allows Microsoft to put anything it wants on your Win7/8.1 PC.

 

If you haven't yet read Nathan Mercer's Aug. 15 post on further simplifying servicing models for Windows 7 and Windows 8.1, I suggest you do so now.

 

To a first approximation, Windows 7 and 8.1 customers have two choices: Stop updating entirely or accept everything Microsoft ships. There are some nuances: Admins for Win 7 and 8.1 PCs attached to an update server will be able to independently juggle the security and nonsecurity blobs, while Home users get both security and nonsecurity patches together. Monthly Flash updates and .Net cumulative updates will roll out independently. (See Paul Krill's InfoWorld article on .Net updating.)

 

It's going to take Microsoft a while to fold all of its old patches into the new scheme, but by and large, starting in October it's Microsoft's way or the highway.

 

As you might expect, many longtime Windows 7 devotees (present company included) are livid. After years of picking and choosing patches based on their KB numbers, Microsoft is taking full control of the billion-or-so Windows machines that aren't yet absorbed into the Win10 fold. If one of the new patches breaks something, your only choice is binary: Remove all of the patches and wait a month for Microsoft to fix the bad one, or suck it up and live with the problem.

 

Those who are skeptical about Microsoft's new approach to snooping -- patch KB 2952664 is frequently mentioned in that regard, but other patches seem suspect -- have reason to don their tinfoil hats. The simple fact is we have no idea what information Microsoft is collecting from Windows 7 and 8.1 systems, and we have no way to find out.

 

What's certain: If you want to keep your PC patched, you won't have much choice.

 

Those who lived through the Get Windows 10 debacle now have even more reason for concern. Instead of pushing back against specific patches, such as the reviled KB 3035583, Win 7 and 8.1 customers will be able to choose between Microsoft's regimen or nothing at all.

 

Even those who are willing to open their machines to Microsoft have good reason to fear bad patches. We've had lots of them over the years. Less than a year ago, for example, Microsoft released, then re-released, then re-re-released Windows 7 security patch KB 3097877, which froze Outlook, blocked Network logons, and killed several programs. Patching Windows 7 and 8.1 is an iffy proposition.

 

We don't have many details about the new approach, but presumably Win 7 and 8.1 will be modified to include the ability to roll back the last patch, much as Windows 10 lets you roll back a cumulative patch. There's no talk of allowing users to preemptively block new patches; there certainly won't be any granularity in the new patching scheme: You either take it or you don't -- and if you stop taking one patch, you stop taking them all.

 

As long as Microsoft doesn't screw up the patches -- and customers are willing to put up with Microsoft's snooping -- this new approach certainly has benefits. Presumably the hours-long waits for Windows Update scans will go away. The new Update routine ("servicing stack") only needs to download the deltas -- the changes from the previous version. Everybody will be running the same version of Windows, which should make it easier to keep the patches working.

 

I say "should" because Microsoft's record ain't so hot. Cumulative updating in Windows 10 has worked well, although there was a problem earlier this month, with a printer bug introduced by the latest cumulative update, that is not yet fixed. Pundits will note that the Win10 installed base is considerably cleaner than the Win7 and Win8.1 jungle. The move to the Anniversary Update, which has been rife with problems, is a different story.

 

Cumulative updating in Office -- that is, Office Click-to-Run -- hasn't been so problem-free. There were significant bugs in December that wiped out Word macros and customizations; two in February that caused documents to freeze on open and knocked out POP3/deleted mail; one in April that crashed Lync/Skype for Business and Outlook; one in June that caused Office apps to throw an error 30145-4; and another in July where Excel won't open renamed HTML files. That doesn't bode well for Windows 7 as a service.

 

Microsoft's been consolidating patches of late -- KB 3161647 can only be installed if you're willing to accept six unrelated patches, for example. At least one InterNet Explorer "security" patch has included nonsecurity fixes as well. You have to wonder if this new approach will further blur the line.

 

Microsoft once again promises to fix its ancient Update Catalog site, which still requires ActiveX and thus Internet Explorer. That's a familiar refrain.

 

There are many unanswered questions. For example, the official announcement says, "The Security-only update will be available to download and deploy from WSUS, SCCM, and the Microsoft Update Catalog." That would seem to imply that sufficiently motivated Windows 7 users who aren't attached to an update server will be able to help themselves to only security patches and shun the nonsecurity patches.

 

It appears there will no longer be identifying information for individual patches. Instead, we'll see "consolidated release notes with the Rollups for all supported versions of Windows." It remains to be seen if that's the death knell for monthly security bulletins. It certainly means we'll see a huge reduction in the number of KB-identified patches.

 

We also don't know what will happen to the distinction between Recommended and Optional patches. Perhaps we'll all get patches for the Azerbaijani Manit or we'll all get tanked by a change to the Russian ruble.

 

Be of good cheer. If the old Windows Update check boxes don't work right, Microsoft can push out an update that removes them or changes what they do. Maybe an unchecked box will become equivalent to the old checked box, or vice-versa. In either case, you won't have much choice in the matter.

 

In this brave new world, one has to wonder if it's worth the effort to fight Windows 10. Microsoft is removing two of the great distinguishing features of Win7/8.1 -- granularity of updates and the ability to control them -- while opening Win7 and 8.1 to the same snooping features that are in Win10. Is resistance futile?

 

The discussion continues on AskWoody.com.

 

Tip o' the hat to @teroalhonen and many others on AskWoody

 

Source: Microsoft changes Win7/8.1 updates, pushes even harder for Windows 10 (InfoWorld - Woody Leonhard)

[Holmes]

Is it really necessary to post the same article from four different websites in those four websites words holy shit talk about overkill the first article from the first website is all we need wtf.  If they release the cumulative updates dont install them standby for two weeks then install them gives them plenty of time to fix bugs.  Its not the end of the world its a pain in the ass yes your alive breathe dont install the cumulative update yet.