News

Microsoft Tweaks Its Security Updates for Orgs

Microsoft is changing the way it delivers Windows security updates to organizations starting next month.

The policy changes, announced last week, concern Windows security-only updates and Internet Explorer security updates. They only apply to organizations using Microsoft's older supported Windows client and server operating systems, namely "Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2," per the announcement. Consumers using Windows Update to get updates won't be affected.

The new policy will kick off in February for so-called "update Tuesdays," which are the second Tuesdays of each month when Microsoft releases both security and quality patches. Next month's patch Tuesday event is slated for Feb. 14, Valentine's Day.

The first policy change involves the bundling of IE security updates. Microsoft will exclude IE updates from the "security-only quality updates" it releases on update Tuesdays. The aim of this policy change is to reduce potential bandwidth hits that can occur on the networks of organizations using the security-only updates. Microsoft had started pushing IE updates into these security-only updates back in December, but that approach made them bulky for some organizations, Microsoft's announcement explained.

Consequently, IE security updates will once again become separate patches next month and won't be bundled up with the security-only quality update releases. Microsoft defines a security-only quality update as just having new security fixes for the month. It's not a "cumulative" release. Here's how Microsoft defines a security-only quality update:

"The Security Only update does not contain fixes from previous months, and allows enterprises to download as small of an update as possible to remain secure."

In contrast, the IE security updates that Microsoft will now release in a separate bundle, starting next month, will be cumulative, meaning that they will contain all previous IE security updates.

There's also a "security monthly quality roll-up" that arrives on update Tuesdays. It includes "both security and reliability fixes, as well as all fixes from previous roll-ups," according to Microsoft. In other words, it's cumulative. The security monthly quality roll-up will include IE security fixes.

Microsoft also releases a "preview of monthly quality roll-up" on the third Tuesday of each month, which is designed to let IT pros see what's coming down the pipe in advance. This preview release, too, will include IE security patches.

The second policy change Microsoft announced last week was actually announced in mid-December, and became effective retroactively on that month. Microsoft changed a behavior in which security-only quality updates were getting superseded by the "security monthly quality roll-up." That was a problem for the organizations preferring to defer feature updates.

Much of the recent confusion with Microsoft's updates occurred in October, when Microsoft started rolling out a new monthly client and server patch model for its older Windows OSes. The new model, somewhat like the update model of Windows 10, was announced back in August.

Today's changes are responses to customer feedback on the new patch model, Microsoft indicated.

In other patch news, Microsoft this week published a five-minute overview video of the Windows 10 servicing model. It's presented by Windows patch expert Michael Niehaus, director of product marketing for Windows at Microsoft.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Salesforce To Acquire Informatica in $8 Billion Deal

    Salesforce announced on Tuesday it plans to acquire data management firm Informatica for $8 billion.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft Gives Orgs More Power to 'Tune' AI Agents

    At its Build 2025 conference this week, Microsoft unveiled significant advancements aimed at empowering enterprises to create more sophisticated AI agents.

  • Build 2025: Microsoft Charts Wider Path for AI Agents

    At Build 2025, Microsoft unveiled its strategic vision for the future of AI agents, emphasizing the development of autonomous systems capable of performing complex tasks across various applications.