Windows 7 servicing stack updates: manage change & cumulative updates

    Windows 7 servicing stack updates: manage change & cumulative updates

    Windows 7 servicing stack updates: manage change & cumulative updates


    Last Updated: 22 Sep 2018 at 13:05
    For many of you managing a Windows 7 infrastructure today, monthly servicing is primarily about making sure that you are installing the latest security patches on your devices and staying current. To simplify the servicing process (in addition to complexity and cost), we aligned our Windows 7 servicing model—consisting of Monthly Rollups and Security-only updates—to the update model we use with Windows 10. Instead of tracking and installing multiple, individual patches, you only need to install a single, cumulative patch each month to ensure that your systems have the latest updates.

    Despite this simplified servicing model, some Windows 7 devices recently experienced issues installing either the August or September 2018 Monthly Rollups or Security-only updates. The intent of this blog is to share why these issues occurred, what we are doing about it, and how this relates to Windows 10 cumulative updates.

    To tell this story, we need to travel back to October of 2016, when we released the Windows 7 Service Pack 1 (SP1) servicing stack update (KB 3177467). Servicing stack updates, or SSUs, are periodic updates released to specifically service or update the software stack for Windows platforms. These are fixes to the code that process and manage updates that need separate servicing periodically to improve the reliability of the update process, or address issue(s) that prevent patching some other part of the OS with the monthly latest cumulative update (LCU).

    Servicing stack updates ensure that you have a robust and reliable servicing stack so that your devices receive and install Microsoft security fixes. That is why, when we released the Windows 7 SP1 servicing stack update (KB 3177467) it was marked “critical.” Because it was not categorized as a security fix; however, many organizations missed the update and decided to install only the default monthly security fixes instead of the full servicing stack update.

    Fast forward to August 2018, when the Windows 7 SP1 Monthly Rollup (KB 4343900) was released. Customers who had not installed the critical Windows 7 SP1 servicing stack update (KB 3177467) were unable to install the August 30th Monthly Rollup Preview (KB 4343894), the September 11th Monthly Rollup (KB 4457144), or the September 11th Security-only update (KB 4457145)—and received “error 0x8000FFFF.” Installing the October 2016 Windows 7 SP1 servicing stack update (KB 3177467) first, and then applying the August 30th or September 11th, 2018 updates mitigates this issue.

    We test our monthly patches on fully patched, up-to-date systems, which is why this issue was not seen in our testing, or by any of our preview partners.

    To ensure that you don’t run into issues like this again, the Microsoft Windows Servicing and Delivery team has updated all release notes with guidance to install the latest servicing stack update for your platform before installing the latest cumulative update (LCU).

    Going forward

    An up-to-date, healthy servicing stack is critical to ensure that monthly security fixes can be efficiently and predictably installed on devices. As noted, when a servicing stack update does not exist, there is a risk that a device cannot be patched and kept secure. This makes a servicing stack update a key part of the security patch payload. However, the Windows 7 update technology, and patch installation chronology requires the servicing stack update to be handled separately from the monthly Security-only updates.

    Starting with the October 2018 Update Tuesday, we are going to reissue the Windows 7 Service Pack 1 (SP1) servicing stack update (KB 3177467) and tag it as a security update to unblock any remaining customers from installing the August 2018 or later monthly Security-only updates.

    To ensure our customers do not encounter this specific situation again, going forward, if we release a new servicing stack update, it will be marked as “security,” not just “critical,” so that it is included by those customers who are installing only tagged security fixes.

    A new appreciation for cumulative updates

    In this post, I have addressed only Windows 7 servicing stack updates. That is because we specifically addressed this complexity and exposure in Windows 10 with the cumulative update model. Today, we test each month’s patches against a known configuration of Windows 10 before we ship a release. Each update includes all the previous fixes necessary to bring a device forward to a fully patched and current state, provided it has the latest monthly update installed.

    If you have any questions, please reach out to me here on Tech Community or on Twitter @johntwilcox.


    Source: Windows 7 servicing stack updates: managing change and appreciating cumulative updates - Microsoft Tech Community - 260434
    Brink's Avatar Posted By: Brink
    22 Sep 2018


  1. Posts : 87
    Mixed
       #1

    too bad the cumulative update model in 10 is garbage.
      My Computer

  2. ThrashZone's Avatar
    Posts : 7,128
    3-Win-7Prox64 2-Win10Prox64
       #2

    Hi,
    Just updated this month only because the last update was from November of 2017 lol no errors doing so
    Only did it because it has office on it.
    Might restore back because of weirdness but disabled the meltdown nonsense and it's doing better so might leave it as is for a little longer.
      My Computers

  3. lx07's Avatar
    Posts : 5,479
    2004
       #3

    Diceman2037 said:
    too bad the cumulative update model in 10 is garbage.
    It really isn't. The 6 monthly upgrade is garbage (well too fast) but cumulative updates are excellent. Better than the 721 separate ones on 7 anyway...
      My Computer


  4. Posts : 87
    Mixed
       #4

    it really is, and anyone who says it isn't is ignorant and has no idea what they are talking about.

    Take the new intel microcode update that just got pushed with the cumulative, you can't choose not to have it installed, meaning your overclocks are broken just to have the latest security and fixes installed.


    Windows 10 has far higher incidences of update related issues than 7 ever had.
      My Computer


  5. Posts : 8
    Windows 10
       #5

    I have used cumulative updates for Windows 10 since the days of 1507, treated them as "Service Packs" and have had little to none issues.

    If I install the OS from scratch and install the latest CU available at the time I'm pretty much set for a good while (months)

    Call me ignorant and inexperienced but updating Windows this way have never been easier.

    The reason for people having issues with Windows 10 and updates might be related to updating to much and to frequently.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 20:41.
Find Us




Windows 10 Forums