Microsoft just released another patch for Win10 Creators Update. KB 4016240 brings the 1703 build number up to 15063.250. That’s quite normal for a ne
[See the full post at: Just when you thought it couldn’t get any more complicated, Creators Update gets a new kind of patch, KB 4016240]
|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
-
Just when you thought it couldn’t get any more complicated, Creators Update gets a new kind of patch, KB 4016240
- This topic has 26 replies, 11 voices, and was last updated 7 years, 12 months ago.
AuthorViewing 5 reply threadsAuthor-
It’s geared towards larger organizations that use WSUS or WUFB, not to the clients that take updates directly from Microsoft Updates.
This gives system admins a bit more granularity on which classification of updates to accept for their networks month to month. (I was one of the admins that requested this feature for business networks.)
So: Now we can choose only security updates, only critical updates, or feature updates separately and on separate schedules. For example with this separation — I can allow criticals the day they are released, feature updates a month later, and security updates the week (say – Friday evening) they are released.
~ Group "Weekend" ~
4 users thanked author for this post.
-
-
1 user thanked author for this post.
-
-
-
-
-
This gives system admins a bit more granularity on which classification of updates to accept for their networks month to month.
More details, please! I see where the Win7 patching method of separating Security-only and Monthly Rollup patches help with WSUS. But I don’t understand how this combination of Non-Security-Only and Monthly Rollup helps. Are the Non-Security-Only patches really cumulative? Or is that a typo? Thanks!
My understanding is they are cumulative, and are likely analogous to the Preview early patches for the current release builds. (My understanding may not be 100% how MS would like to present them.)
The major value is we can test on a subset of our domain workstations before they are released, again much like preview, but for WSUS management.
I am not at all certain you would see these patches outside a managed update environment.
It’s worth noting that the Preview ring is not an option for machines joined to a WSUS managed network, which means for us to test that ring we have to have stand-alone workstations – which invalidates (IMO) the testing.
So in short, I <span style=”text-decoration: underline;”>think </span>what we are seeing is a WSUS friendly workaround for the Preview Ring.
~ Group "Weekend" ~
2 users thanked author for this post.
-
I am not at all certain you would see these patches outside a managed update environment.
I believe that the current non-security CU is released to the common Windows Update, outside of WSUS.
There may be a good reason for this behaviour, which is the classification of the current update as Critical Update instead of the more commonly intended Update.2 users thanked author for this post.
-
-
Always give Michael Niehaus the benefit of the doubt at MS – he’s one of the few people that gets it and is really trying to refine the way that we do patching and general OS management. He created MDT, was instrumental with nano server, etc etc.
With this change adding all of the granularity for the Enterprise folks, this should resolve a bunch of issues on the enterprise WSUS end of things for patch management.
According to the WUShowHide tool on my Win 10 (15063.138) test system there are no available updates at this time for Win 10 Creators from the online Windows Update servers, so this update truly seems to be not yet available via the normal “public beta tester” means?
-Noel
2 users thanked author for this post.
-
-
According to the WUShowHide tool on my Win 10 (15063.138) test system there are no available updates at this time for Win 10 Creators from the online Windows Update servers
didnt show on my WSUS show & Hide yesterday (only Dvrs) but it was there at approx 1400MST and as soon as you “Zero” the defer updates option and hit “check” it gets installed,
I’ve got it on my test machine. Noel, any chance you have the update blocked?
2 users thanked author for this post.
-
-
-
Well further to the “Major slowdown” post kb4016240 install & using WSUS show & Hide. It would appear that if you have both updates deferred settings set in in Settings->updates ETC->Advanced panel then if you run WSUS show & Hide it wont show the update in waiting i.e. kb4016240.
Basically never got to the bottom of the “major slowdown” (press. of work & all that) running post uninstall DISM clean up, restore health returns an error outlined here
http://borncity.com/win/2017/04/26/windows-10-v1703-fix-for-dism-error-0x800f081f/
I reapplied 15063 to the same VHD and sure as anything WSUS Show & Hide didnt pick up kb4016240 (see below) So it would appear that WSUS S&H cant be relied on if you have updates deferred. As for the slowdown never got to the bottom of it as removing the errant update didnt help at all. Probably to use WSUS S&H its better to use the GPedit setting to change the freq. of checking for windows updates, disable the defer setting temporarily then check.
May be they should change TGIF to TGIV (Thx Gdnss Its a Vhd 😉 )
1 user thanked author for this post.
-
-
-
Hm, Settings comes right up here.
I was able to figure out why the Apps came back and kept coming back after a reboot… The system was running the App Readiness service as though I was a new user all giggling and ready for all the great new Apps.
Thank Goodness THAT’s Disabled now.
-Noel
1 user thanked author for this post.
-
-
-
@Noel further to you comment above well threw it in a VHD and then installed kb4016240 from the desktop and “et voila” no problems. whether its a problem with the VHDX format or VHD who can tell? as I know there’s a couple more updates apparently lurking out there (KB402001/2) I tossed a screenshot in (yeah I have been known to sleep on occasion lol 😛 )
the office got updated or started updating while I was away from my desk as normally WSUS S&H will show them. theres a couple of links youve probably seen them but for anyone else following this it may be handy
https://www.ghacks.net/2017/04/25/microsoft-to-offer-more-updates-for-windows-10/
https://www.ghacks.net/2017/04/26/kb4020001-and-kb4020002-for-windows-10-1703-released/
I am getting the impression WSUS S&H may not be the solution to all but still a mega handy tool to be sure. Probably going to go back to using block driver updates using GPOL, thats if I decide to go “live” yet with 1703 after all its still early days and theres a lot of stuff, Data & settings to be redone. 🙁1 user thanked author for this post.
-
Yep. I’ve been urging folks to wait until it’s cleared as “Current Branch for Business.”
Installing it now is begging for problems.
2 users thanked author for this post.
Viewing 5 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Tracking content block list GONE in Firefox 138
by 1 hour, 19 minutes ago
-
How do I migrate Password Managers
by 41 minutes ago
-
Orb : how fast is my Internet connection
by 5 hours, 40 minutes ago
-
Solid color background slows Windows 7 login
by 7 hours ago
-
Windows 11, version 24H2 might not download via Windows Server Updates Services
by 5 hours, 31 minutes ago
-
Security fixes for Firefox
by 5 hours ago
-
Notice on termination of services of LG Mobile Phone Software Updates
by 17 hours, 44 minutes ago
-
Update your Apple Devices Wormable Zero-Click Remote Code Execution in AirPlay..
by 1 day, 2 hours ago
-
Amazon denies it had plans to be clear about consumer tariff costs
by 17 hours, 49 minutes ago
-
Return of the brain dead FF sidebar
by 5 hours ago
-
Windows Settings Managed by your Organization
by 4 hours, 8 minutes ago
-
Securing Laptop for Trustee Administrattor
by 5 hours, 9 minutes ago
-
The local account tax
by 6 hours, 21 minutes ago
-
Recall is back with KB5055627(OS Build 26100.3915) Preview
by 1 day, 15 hours ago
-
Digital TV Antenna Recommendation
by 1 day, 8 hours ago
-
Server 2019 Domain Controllers broken by updates
by 2 days, 3 hours ago
-
Google won’t remove 3rd party cookies in Chrome as promised
by 2 days, 5 hours ago
-
Microsoft Manager Says macOS Is Better Than Windows 11
by 2 days, 8 hours ago
-
Outlook (NEW) Getting really Pushy
by 1 day, 11 hours ago
-
Steps to take before updating to 24H2
by 1 day, 1 hour ago
-
Which Web browser is the most secure for 2025?
by 1 day, 15 hours ago
-
Replacing Skype
by 1 day, 3 hours ago
-
FileOptimizer — Over 90 tools working together to squish your files
by 2 days, 2 hours ago
-
Excel Macro — ask for filename to be saved
by 23 hours, 56 minutes ago
-
Trying to backup Win 10 computer to iCloud
by 1 day, 3 hours ago
-
Windows 11 Insider Preview build 26200.5570 released to DEV
by 4 days, 8 hours ago
-
Windows 11 Insider Preview build 26120.3941 (24H2) released to BETA
by 4 days, 10 hours ago
-
Windows 11 Insider Preview Build 22635.5305 (23H2) released to BETA
by 4 days, 10 hours ago
-
No April cumulative update for Win 11 23H2?
by 2 days, 22 hours ago
-
AugLoop.All (TEST Augmentation Loop MSIT)
by 4 days, 10 hours ago
Remembering Woody
