Microsoft asked for a lot last year. It asked enterprise IT administrators to upend ingrained patching practices. It asked them to make radical changes to how they maintain Windows 7 deep into its lifecycle, when there were just three years and change remaining before retirement, a phase most admins probably thought they’d be coasting as they prepped for Windows 10. It asked customers to absorb new terminology. And it changed the rules more than once after the new process debuted.
In return, users had questions – ans still do. The top query may seem among the simplest – what’s the difference between the two types of Windows 7 updates now offered – but as Computerworld found out, appearances are deceiving.
What’s in the security-only update? Just as the name implies, this update includes only security-related fixes, the kind that Microsoft has issued for 14 years on the second Tuesday of each month (aka “Patch Tuesday”).
Just as important, though, is that the security-only update contains this month’s fixes, and nothing more. (Again, that characteristic is what has defined Windows patches for years.)
What’s in the monthly rollup? The Windows 7 and 8.1 monthly rollups include not only this month’s security patches, but also all past security and non-security fixes, going back to at least October 2016, and possibly further. In other words, a monthly rollup is a superset of the month’s security-only.
Side note: “Rollup” is a term Microsoft has used for ages to label catch-up updates, those that bring a program or operating system up to current status by bundling all past fixes. (Usually from a specific point in time, say, the last major release, which in the past were called “service packs” and abbreviated to “SP” as in “SP1” to designate the first such collection.)
Microsoft has touted rollups as a customer convenience, because they allow a long-out-of-date PC to be made current with just one download and install, rather than being forced to retrieve scores, maybe hundreds, of individual updates. That’s exactly how the company described what it dubbed the “Windows 7 SP1 convenience rollup” it issued in May 2016.
“Install this one update, and then you only need new updates released after April 2016,” Microsoft said at the time of the convenience rollup, which preceded and presaged the monthly rollups announced three months later.
Who can get security-only updates? Only organizations that service devices using Windows Server Update Services (WSUS), System Center Configuration Manager (SCCM) or a third-party platform that taps into WSUS.
Why’s that? Microsoft has never put it this plainly, but it’s clearly a bone thrown to the most valuable customers – enterprises and other business or educational organizations of size – to make the 2016 switch to cumulative updates for Windows 7 more palatable.
Windows 10 users weren’t given options like this; on that OS, it’s cumulative updates – another label for monthly rollups – or nothing.