News

Microsoft Explains Its Off-Schedule Windows Updates

As part of an ongoing effort to be more transparent about its monthly Windows update process, Microsoft this week shared its rationale for sometimes releasing Windows updates that don't follow the standard schedule.

The term Microsoft uses for these patches is "on-demand releases." Michael Fortin, corporate vice president for Windows at Microsoft, explained the matter in an announcement Monday:

We also provide updates that don't follow a standard release schedule. We refer to these as on-demand releases. They are used in atypical cases where we detect an issue and cannot wait for the next monthly release because devices must be updated immediately either to fix security vulnerabilities or to solve a quality issue impacting multiple devices.

Fortin also noted that Microsoft is planning to improve its Windows 10 update history page. It will show "more information about our actions or partner actions to mitigate issues," he said.

The Windows 10 update history page is already showing some of those details, at least in the case of Windows 10 version 1809. Microsoft first released Windows 10 version 1809 on Oct. 2, but it was later blocked due to data loss issues. Microsoft rereleased version 1809 on Nov. 13, but this version of Windows 10 is still blocked today for some users.

Machines with the following characteristics will have blocks for it, per Microsoft's history page:

  • Intel display drivers versions 24.20.100.6344 and 24.20.100.6345.
  • F5 VPN clients that use a split-tunnel configuration.
  • Trend Micro's OfficeScan and Worry-Free Business Security software.
  • AMD Radeon HD2000 and HD4000 series graphics processing units.

These details previously were tucked away in obscure Knowledge Base articles, but the history page now offers a kind of one-stop guide.

Fortin noted last month in his kick-off transparency post that if Microsoft detects that a device would have a problem with a Windows update, then the user will not be offered the update. Microsoft also staggers its Windows update releases around the globe, which can account for delays.

Here's an updated summary of Microsoft's monthly updates for Windows systems, based on Fortin's and past Microsoft explanations:

Update Name Scope Publish Timing Windows Update?
Security-only update for deployment Monthly (contains security patches only) On "B week" to WSUS and the Windows Update Catalog; accessible via SCCM No
Security and quality update for deployment with no new features (a.k.a. the "monthly rollup") Cumulative (security plus non-security patches) On "B week" to WSUS and the Windows Update Catalog Yes
Preview of monthly quality update for testing, mostly for older Windows systems (a.k.a. the "preview rollup") Cumulative (non-security patches only) On "C week" to WSUS and the Windows Update Catalog Yes
Preview of monthly quality update for testing (a.k.a. the "preview rollup") Cumulative (non-security patches only) On "D week" to WSUS and the Windows Update Catalog Yes
"Out-of-band" update or "on-demand" release Monthly or whenever needed Whenever needed Probably

Table 1. Microsoft's monthly updates for supported Windows clients and servers. Cumulative updates contain past fixes previously released and new fixes. "B week" represents "update Tuesday," or releases that arrive on the second Tuesday of each month. "C week" is reserved for test releases that arrive on the third Tuesday of each month. "D week" is reserved for test releases that arrive on the fourth Tuesday of each month. WSUS: Windows Server Update Services. SCCM: System Center Configuration Manager. (Sources: Microsoft Windows blog post and Enterprise blog post, as modified by comments in this Aug. 1 Microsoft Tech Community post, plus this Dec. 1, 2018 post.)

Fortin noted that C- and D-week Windows update previews are "primarily for commercial customers and advanced users 'seeking' updates." However, it should be noted that end users in an organization currently can trigger these test updates if they use the "Check for Windows updates" option within Windows. These end users are sometimes called "seekers," even if their intent was just to check which updates were installed on their machines.

Fortin also described some of Microsoft's internal quality validation programs. He had earlier explained that with Windows 10, developers at Microsoft now do some of the functional testing that previously was handled by quality assurance (QA) staff. He offered a few more nuances about Microsoft's Windows testing process, describing a Prerelease Validation Program, a Depth Test Pass program, a Monthly Test Pass program and the Windows Insider Program for volunteers, plus a separate Security Update Validation Program for program invitees who test security patches.

In an Ask Microsoft Anything description from May, Microsoft described its Windows 10 QA testing back then as consisting of "dog-fooding" (the use of Microsoft preview software internally) plus the Windows Insider Program as its main approaches to assuring update quality.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.