Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • The mechanics of Windows and Office patching — explained in plain English

    Home Forums AskWoody blog The mechanics of Windows and Office patching — explained in plain English

    This topic contains 34 replies, has 18 voices, and was last updated by  Klaas Vaak 4 months, 1 week ago.

    • Author
      Posts
    • #209360 Reply

      woody
      Da Boss

      There’s a lot of confusion about “Week A” / “Week B” bafflegab and what constitutes a Preview. Microsoft’s explanations don’t make much sense. To top
      [See the full post at: The mechanics of Windows and Office patching — explained in plain English]

    • #209371 Reply

      Susan Bradley
      AskWoody MVP

      It’s also a change in how patching used to be.  At one time only the most recent Windows 10 release (Current branch) would get updates twice a month.  Now we are getting two releases for each feature release of Windows 10 per month.  Also they still aren’t properly describing how servicing stack updates factor into all of this (whether or not you need them depending on how you patch).

      Remember…this is simple.

      Susan Bradley Patch Lady

    • #209377 Reply

      woody
      Da Boss

      Remember…this is simple.

      HA! May I quote you?

      (Actually, I started down this path when I saw Crysta’s confusion about “B Week” and Patch Tuesday. It only scratches the surface.)

      3 users thanked author for this post.
    • #209383 Reply

      zero2dash
      AskWoody Lounger

      “Be simple” yet it’s anything but.
      If this is “simple”, what’s “difficult”?
      I’m an IT guru, a SysAdmin. I’m familiar with PowerShell and SCCM. I’ve worked in Enterprise level Windows environments for half a decade. I’m college educated, with a degree and nearly a 4.0.

      Their update processes still confuse even me, and practically everyone I have worked with over the years.

      “Simple” was the way it was 10 years ago; this, is not “simple”.
      Yeah, I get that “times change”, but Linux updating (which once was incredibly difficult), is now ridiculously simple. (And TRULY “simple”.)

      Again, if this is what MS thinks is “simple”, then I want to see what they think is “difficult”.
      The only way this is “simple” is if you take every update they shoot out, when they shoot it out.

      The majority of Win10 users have long been unpaid beta testers; now that they’re going to do a “Managed Desktop”, I think the term fits even more. I bet you will see that they pull updates for their MD customers that have broken unpaid beta tester systems all over the world. Just you wait…

      12 users thanked author for this post.
      • #209409 Reply

        anonymous

        Win7 turn off update services, wsusoffline dot net, v11.1; coz M$ updates in the months after were sabotage.

        • #209439 Reply

          zero2dash
          AskWoody Lounger

          I used to use wsusoffline but you cannot pick and choose updates unless you do some editing.

          I run my own cmd files for batch installing servicing stacks, rollups, sec only updates, IE11 and its sec only updates, WMF 5.1, .NET 4.6.2, and then all the tweaks I do in GP (but done via registry so they are batched since I’m not running a domain at home).

          wsusoffline is a great tool, but even if you choose the sec only option instead of doing the sec & quality updates – MS has snuck c*** in and I only trust myself at this point to pick and choose updates. I know those guys generally blacklist and remove the bad updates, but there have been times in the past that they didn’t or hadn’t yet.

          2 users thanked author for this post.
          • #209499 Reply

            Klaas Vaak
            AskWoody Lounger

            I run my own cmd files for batch installing servicing stacks, rollups, sec only updates, IE11 and its sec only updates, WMF 5.1, .NET 4.6.2, and then all the tweaks I do in GP (but done via registry so they are batched since I’m not running a domain at home).

            Can those cmd files be shared here? I use WSUS Offline too, but am concerned by what you describe.

            Group "B" | Win 8.1/x64 |Linux Mint 18.3 in VB

      • #209548 Reply

        lurks about
        AskWoody Lounger

        I wonder if the internal design of the Windows and the Window kernel are part of the patching problem. In Unix and Linux there is a philosophy of having many small, discrete programs that do one thing very well. And you can ‘pipe’ the output of one into another making a daisy chain of programs if necessary. This attitude has shown up in Linux where the kernel, window manager, and desktop environment are very distinct, independent entities that are loosely coupled to each other. Thus it is possible to run different desktops on the same box without much difficulty. Window managers would require more work to switch between, not something most would bother to do. So bugs in a desktop for example tend to be isolated to that specific desktop environment. Patching these bugs should rarely require modifications to the window manager or the kernel. MS has claimed that they could not remove IE from Windows as it would break Windows; thus it is tightly coupled to the OS and bugs in it are reality a form of OS bugs. While in Linux web browsers are standalone applications that can be installed or removed at will. Bugs in the browser, while they may be very serious, are not OS bugs as one could remove that browser if necessary.

        1 user thanked author for this post.
        • #209573 Reply

          OscarCP
          AskWoody Lounger

          I would add here yet another problem: a design where the OS is also wrapped around of a single file whose eventual corruption can cause plenty of grief: the Registry.

          1 user thanked author for this post.
        • #209631 Reply

          anonymous

          In Unix and Linux there is a philosophy

          It’s called The Unix philosophy:

          https://en.wikipedia.org/wiki/Unix_philosophy

          Learn, Microsoft, learn!

          1 user thanked author for this post.
    • #209388 Reply

      WildBill
      AskWoody Lounger

      Excellent primer for how it should & Used to Be, Woody. Following MS-DEFCON is needed more now than ever as well. 1 & 2, Don’t Touch WU. 3 & 4, be careful & more. 5, patch & that’s No Jive!

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

      3 users thanked author for this post.
    • #209391 Reply

      BobbyB
      AskWoody Lounger

      From @woody ‘s Computerworld article:

      Nowadays, newer Win10 versions get three or even four patches, fixes and re-patches per month. Multiply that by three current versions (1703, 1709 and 1803), and there’s a whole lot of Win10 patching going on. It’s a wonder Microsoft can keep all of the balls in the air.

      When we first started down this “Wacky” road of Cumulative updates didn’t M$ say it was going to simplify things? One update(s) once a Month, done deal. Or in the case of Win7 8.1 a few but ostensibly simplify the patching process. The reason they gave at the time was that Patches where all over the place using the old Adhoc system. This in effect was to be the “Brave New World” What we have now is a whole plethora of Patches on Patches on Patches of faults, not rectified, but introduced by, strangely enough. Patches i.e. the Win7 NIC episode (did it ever get fixed?) Its worse than the old system ever was alas. Whatever happened to that old Mantra M$ used to espouse about that they were maintaining to many versions, and to many Variants of Products and that it was all going to be streamlined. Hmmm methinks not happening the way things are now obviously.

      • This reply was modified 4 months, 1 week ago by  BobbyB.
      • This reply was modified 4 months, 1 week ago by  BobbyB.
      5 users thanked author for this post.
      • #209437 Reply

        JCCWsusser
        AskWoody Lounger

        Four current versions. 1607 is still being “serviced” (if you can call it that) for Education, Enterprise, and LTSB. Then there’s 7, 8.1 and a roughly equal number of server versions.

        This, to me, is why they can’t keep up any more. The service on so many versions and the accelerated development is eating them to death. They need to GIVE UP on the 6-month cadence before it kills them.

        3 users thanked author for this post.
        • #209479 Reply

          abbodi86
          AskWoody MVP

          Five with 1507 LTSB
          plus two single Server variants, 2008 & 2012
          and the XP POSReady thing

          sum of all fears = 10 😀

    • #209394 Reply

      Mr. Natural
      AskWoody Lounger

      Great article Woody. Everyone needs to keep the heat on Microsoft regarding this situation. I do believe Microsoft is listening after Susan’s email to “he who shall not be named”. Prior to the August office updates my WSUS server had crickets chirping out of it the last few weeks.

      2 users thanked author for this post.
    • #209387 Reply

      anonymous

      ? says:

      With Microsoft it has become

      to patch or not to patch, that is the question…

      using Ubuntu (for me) is Synaptic Package Manager…

    • #209392 Reply

      anonymous

      Woody a great article!

      My confusion centers around the multiple Windows 10 updates and how to get them since most of us Windows 10 Pro users have restricted MS ability to download them at will.

      This means that we may be without a later released bug patch of a patch.

      For example, if we have: Semi-Annual Channel,  Group Policy set at 2, Feature updates at 365 days, and Quality Updates with a 0 days delay; we will receive the second Tuesday of the Month cumulative update (which are usually hidden via wushowhide awaiting Defcon 3 or more).

      However, from then on, it is my experience, that the subsequent bug fix updates released on the third and forth weeks (or whenever) do not appear in Wupdate.

      This presents a dilemma as what to do when Defcon goes to 3, as the only update available to install is the original hidden update that has had bug fix KB’s released during the month, but which are not available via WUpdate to install.

      If we wait for the next second Tuesday of the month cumulative update, it will contain all of the previous month, but then we need to hide and wait on that one, and the process starts over.

      So how do we handle Window 10 updates when more than the second Tuesday of the month updates are released?

      We may, in fact, be facing this situation regarding the July updates.

      1 user thanked author for this post.
      • #209517 Reply

        anonymous

        PK?  Susan? Woody? Bueller?

        Anybody have an answer to this Windows 10 Update question?

    • #209408 Reply

      OscarCP
      AskWoody Lounger

      From the Computerworld article: “Microsoft hasn’t released a significant new feature for Win7 or 8.1 for at least a few years. Other than bug fixes, time zone changes and the like, the only non-security modifications we’ve seen are designed to increase telemetry.”

      And I am so glad of not getting “new features”. When I want to get them, I always find something elsewhere and install it myself, without MS “help”. As to telemetry: one does whatever one can by practicing good Internet and personal computer hygiene. But in today’s world it is an inescapable fact of life that any Tom, Dick or Harry can have your SSN, home address and telephone number just for the asking, not to mention your present geographic coordinates, if you are not too careful. In ages gone by, a person so spied upon would have the means to find and confront the spies in person and give them a good thrashing. Now days, that option is pretty much unavailable. Unfortunately, some resignation to fate is, therefore, in order.

      That said, I must confess that having Windows 7 and patching myself Group-B style seems to get me into much less trouble and bother than those using Windows 10 or patching as Group A. And except for the occasional annoying inconvenience of dealing with a re-patch issued by MS later in the month, my experience has been pretty good, so far. And now am fully patched trough July (except for .NET, — and for the rollups, that I never install). Of course, Win 7 runs out of steam on January of 2020, and options will have to be found and adopted by then. I already have a Mac, and it might well be that there is also a Mac in my future (fate, again?). We’ll see.

      6 users thanked author for this post.
    • #209415 Reply

      Microfix
      AskWoody MVP

      Well at this rate, there won’t be enough Tuesday’s in a month and a month won’t be long enough to fix them..

      Is this not where the Group A / B patching starts to crack? (then a sinkhole appears)

      | W10 Pro x64 | W8.1 Pro x64 | Linux x64 Hybrids | XP Pro O/L
      1 user thanked author for this post.
      • #209421 Reply

        Jan K.
        AskWoody Lounger

        How come I suddenly hear “Gloomy Sunday”??

        1 user thanked author for this post.
        • #209490 Reply

          lurks about
          AskWoody Lounger

          Not quite that suicidal yet, getting close though.

      • #209423 Reply

        OscarCP
        AskWoody Lounger

        In my experience, Group B is still doing quite well, except for the odd inconvenience now and then. No crack ups in sight, or sinkholes. But, although no one would have imagined this before, in the early years of the XXI Century, we are being watched keenly and closely by (artificial) intelligences greater than man’s and yet as mortal as his own. From their distant abode in Redmond. So one never knows. (With apologies to HGW.)

        2 users thanked author for this post.
      • #209424 Reply

        BobbyB
        AskWoody Lounger

        Not a problem young @microfix according to @woody ‘s article:

        Microsoft has been trying to recast the Gregorian calendar

        It would appear M$ maybe releasing a Patch to fix that lol 😉

        2 users thanked author for this post.
        • #209425 Reply

          OscarCP
          AskWoody Lounger

          Microsoft has been trying to recast the Gregorian calendar

          So: now MS has a confidential deal with the majority in the Vatican’s College of Cardinals concerning the election of the next Pope: His Holiness Satya Nadella the First.

          2 users thanked author for this post.
    • #209420 Reply

      Jan K.
      AskWoody Lounger

      Thankfully the above described mess will all go away once Microsoft implements the “Windows Managed Desktop” solution…

    • #209419 Reply

      anonymous

      Microsoft believes that system problems are not the result of their patching errors, their testing methodology or their own unstable hardware and software products – it’s the user, the developers, the third party mystery vendor, the IT moron, business partner products, all non-MS security software, peripherals, government interference and of course the competitors that ate their lunch. If all these irritants would just go away all would be as it should.

      Mushroom management, a term used to describe the running of a company where the communication channels between the company executives and the customer do not exist. The term alludes to the stereotypical view of mushroom cultivation: “Kept in the dark and periodically given a load of manure” – slightly edited by me.

      3 users thanked author for this post.
      • #209630 Reply

        OscarCP
        AskWoody Lounger

        Another possibility is “magic mushroom management.” Or, considering that medicinal weed is legal in Washington State, some people at Redmond might need to have their dosage adjusted. But, as it is not unheard of very busy people, senior managers at Redmond might be skipping their regular checkups and tests. Please, let’s show a little more understanding for them and also let’s have a little less complaining here!

        1 user thanked author for this post.
    • #209428 Reply

      Karlston
      AskWoody Lounger

      I doubt anything will change until Windows 10 gets more business adoption.

      Microsoft will have to listen to those paying monthly rents. Not doing so would be to bite the hand that feeds them.

      And earlier Windows version users will just continue getting more of the same. Serves the impudent wretches right for not upgrading to Windows 10!

      Or, as I’m so fond of saying, Microsoft will only start to listen to its users when their senior management is replaced by Cortana. 🙂

       

      Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

      3 users thanked author for this post.
    • #209471 Reply

      geekdom
      AskWoody Lounger

      Every day is patch day.

      Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
    • #209472 Reply

      Mr. Natural
      AskWoody Lounger

      Well at this rate, there won’t be enough Tuesday’s in a month and a month won’t be long enough to fix them.

       

      Attachments:
      You must be logged in to view attached files.
    • #209475 Reply

      OldBiddy
      AskWoody Lounger

      Love that term bafflegab – it seems to cover just about everything to do with the patching process. The A week/B week sequence sounds like something a company payroll would use to keep paydays in order.

      2 users thanked author for this post.
    • #209487 Reply

      Bill C.
      AskWoody Lounger

      But, although no one would have imagined this before, in the early years of the XXI Century, we are being watched keenly and closely by (artificial) intelligences greater than man’s and yet as mortal as his own. From their distant abode in Redmond. So one never knows. (With apologies to HGW.)

      I prefer to think of it as the eye of Sauron…

      2 users thanked author for this post.
    • #209609 Reply

      zero2dash
      AskWoody Lounger

      Can those cmd files be shared here? I use WSUS Offline too, but am concerned by what you describe.

      I uploaded them to PasteBin so you can copy and paste from there and save your own copies.

      install updates and ie11: https://pastebin.com/qbNV1MiT
      install dot net and wmf: https://pastebin.com/gTj3HSxs
      win7 tweaks: https://pastebin.com/kEp0TED8

      Basically I have a dir of all the .msu files and .exe’s; most of these you can get from the Windows Update Catalog, just search for them by the KB#. Put the scripts in the same folder, and then right-click and run as Admin. On a fresh install of 7, I run “install updates and ie11” first, then the “install dot net and wmf”, and then finally, the “win7 tweaks”. I REM or ECHO comment everything that is done, so you can see what is going on (and know they’re not malicious in any way).

      Feel free to pass these along to others or use them as you see fit. 🙂

      Attachments:
      You must be logged in to view attached files.
      3 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: The mechanics of Windows and Office patching — explained in plain English

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.