• When is it safe to install multiple standalone Windows updates without a reboot?

    Home » Forums » AskWoody support » Windows » Windows – other » When is it safe to install multiple standalone Windows updates without a reboot?

    • This topic has 6 replies, 4 voices, and was last updated 5 years ago.
    Author
    Topic
    #106067

    I couldn’t fit my actual question in the 80 characters allowed in an AskWoody topic title, so here is my actual question:
    After installing a standalone Windows update that requests a reboot, under what conditions is it safe to install another standalone Windows update without rebooting first? Note: I’m referring only to situations where a standalone Windows update has finished processing before starting another standalone Windows update.

    We know that the answer isn’t “it’s always safe” because of a serious error that could occur during installation of an earlier version of Windows 7 Service Pack 1. From https://support.microsoft.com/en-us/help/975484/your-computer-may-freeze-or-restart-to-a-black-screen-that-has-a-0xc0000034-error-message-after-you-install-service-pack-1-on-windows-7-or-windows-2008-r2:

    “This issue can occur when a user attempts to install the Service Pack, does not restart the machine to complete the installation, installs other updates and then restarts the machine.”

    According to https://blogs.technet.microsoft.com/joscon/2011/03/16/new-information-on-error-code-0xc0000034/, Microsoft revised Windows 7 Service Pack 1 to install exclusively of other updates to avoid this error.

    Background technical information: Reasons for Reboots – Part 2

    From Hasn’t the problem of updates being partially installed until the next reboot already been solved by changes in Windows?:

    ‘Let me answer a question that several folks have raised (both in the comments and offline): Hasn’t the problem of updates being partially installed until the next reboot already been solved by changes in Windows?

    This is, to a large extent, true. Modern versions of Windows use Component-Based Servicing (CBS). This technology makes sure that new Windows components, and new versions of existing components, are installed atomically. In other words, if it is possible to install or update a component without a reboot, CBS does so. If it is not possible (because one or more files are in use, or because the component requires more complicated setup), then the entire installation of the component is automatically suspended until the next reboot.

    So this means that the problem described in this blog post is gone, right? Absolutely not, for at least two reasons.

    First, not all updates distributed through Windows Update/Microsoft Update are purely CBS-based. There are a variety of different types of updates (drivers, Office updates, etc.), each of which may have different installation behaviors. For example, there are still a few troublesome drivers that do not behave normally until the next reboot. And from the Windows Update perspective, there is a class of updates called “command-line updates” — updates that have unusual needs, and so cannot be published in the usual standardized formats. Command-line updates can still work in whatever way they want, just like the good old days of UPDATE.EXE. And that means that command-line updates may still be subject to the problem.’

    From Creating Update Binaries:
    “4. Updates should not require exclusive installation. When multiple updates are applicable to be installed on a computer, the Automatic Updates client may install them in batches. Security updates that are released as part of the MSRC bulletins are also released several at a time. Therefore, updates must ensure that they can all be installed in a single install session of Automatic Updates. The update metadata can specify that the update requires exclusive installation, but it is not recommended that you do so.

    5. Updates should not require reboot. Rebooting may be unavoidable, since the binaries being updated may be in use, but it should not be required for other reasons. If the update metadata can specify that the update requires a reboot, all reboots are deferred until the end of the Automatic Updates session. For example, if multiple updates are being installed and the first update requires a reboot, that reboot will not occur until after the last update has been installed. Automatic Updates prompts the user to reboot at the end of any install session in which at least one update has indicated that reboot is required.”

    So it seems that the answer to my question is, in a statistical sense, that it’s usually safe, but there unfortunately are some situations in which it’s unsafe. Can anyone provide a better answer?

    1 user thanked author for this post.
    Viewing 3 reply threads
    Author
    Replies
    • #106133

      Windows update metadata includes the property Impact, which according to Basic Update Metadata:

      “Specifies the level of the impact: normal impact, minor impact (zero-service interruption), or requires exclusive handling. Automatic Updates can be configured to install minor updates as soon as they arrive, rather than waiting for the next scheduled install. Updates that require exclusive handling are not installed in a batch with other updates.”

      The Impact property is also documented at InstallationImpact Enumeration.

      If you are curious, you can see whether a given Windows update must be installed exclusively by looking at the Install Resources tab for a given update at the Microsoft Update Catalog.

      I’ll now attempt to answer my question from the first post.

      Question: After installing a standalone Windows update that requests a reboot, under what conditions is it safe to install another standalone Windows update without rebooting first?

      Answer: I believe that it’s always safe to do this, assuming that every Windows update that you plan to install that truly requires exclusive handling is properly marked by Microsoft in the update metadata as requiring exclusive handling. As I mentioned in the first post, there is at least one update that is known to truly require exclusive handling that isn’t (or perhaps wasn’t) marked in the update metadata as requiring exclusive handling. I don’t know how many other such improperly marked updates exist. If you believe that there’s a non-negligible likelihood of such incorrect metadata in any of the Windows updates that you plan to install, then you should always reboot when a standalone Windows update requests a reboot before installing another standalone Windows update.

      • #114785

        you can see whether a given Windows update must be installed exclusively by looking at the Install Resources tab for a given update at the Microsoft Update Catalog

        For anyone who might not be aware, in order to look at the Install Resources tab you must first click on the Title tab.

    • #106150

      So it seems that the answer to my question is, in a statistical sense, that it’s usually safe, but there unfortunately are some situations in which it’s unsafe. Can anyone provide a better answer?

      Most of us can’t answer definitively, except to share anecdotal evidence. I’d say your assessment is right on.

      My experience has been mostly good with installing updates that don’t end up requiring a reboot. But to be honest I haven’t done a lot of those, and even fewer in combination with others.

      I’ve always been of a mind to a) hold off doing any updates until other folks out there have been given a chance to report what the updates did to their systems, and b) do Windows Updates infrequently in batches, which almost always required a reboot.

      Put succinctly, my systems run for months, then when it’s a good time for me I put in a batch of vetted updates and reboot.

      To date, the longest any one of my systems has run is about 5 months before a required reboot – simply because I did not update it. More often the time is 1 to 2 months.

      From my own experience I’d recommend my approach to others. Delay updating until it’s convenient and the risk of a borked system negatively affecting your computing needs is minimized.

      Based on recent history, it seems prudent to treat updates with suspicion and Microsoft with contempt unless/until they prove otherwise. In other words, expect imperfection.

      A month or two ago Woody raised the MS-DEFCON level way up and encouraged everyone to update. His judgment was right on – systems updated to roughly “the beginning of 2017” seem to be running pretty well overall. Why? Because he listens to feedback here and makes his determination based on his own experience and the anecdotal experiences of others. It’s the only thing possible without our being able to examine the source code of the changes.

      Hoping to be lucky with updates is not a strategy.

      -Noel

      3 users thanked author for this post.
    • #106163

      Thank you for your post Noel :).

      The correct answer to this question has become more important recently for Group B users given that the latest Internet Explorer cumulative update must be installed in addition to the monthly security-only updates.

      Note: I believe that if the word “standalone” were to be deleted everywhere it appears in my prior two posts, the resulting sentences would still be accurate.

    • #106173

      My anecdotal experience installing pre-downloaded updates to be deployed outside of the automatic updates method: (YMMV)

      For major service packs and cumulative updates:  always reboot before proceeding with further locally installed updates.

      For pretty much all other updates I have had amazingly good luck in deferring reboots until they are all installed.  Once in a while the next update in a string of updates I attempt will complain that there are un-applied updates – then I reboot.

      ~ Group "Weekend" ~

      1 user thanked author for this post.
      • #106190

        That is reassuring, and I believe it’s also good advice. Thanks :).

        A note: When a given Windows update’s metadata indicates that exclusive handling is required, I expect that Windows ensures this (although I didn’t test this aspect.)

    Viewing 3 reply threads
    Reply To: When is it safe to install multiple standalone Windows updates without a reboot?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.