Microsoft's release yesterday of three out-of-band patches -- an "update rollup" for Windows 7, another for Windows 8.1, and a weird time zone change for Egypt -- offers a taste of the problems and advantages of the company's "streamlined" Windows updating procedure unveiled Monday.
Microsoft didn't post documentation for the patches until many hours after they went out the automatic update chute, and in the intervening time we discovered a lot about what Win7/8.1 updating will look like starting in October.
The patches themselves are remarkable for several reasons. The documentation trail is also worth a gander for experienced Win7 and 8.1 customers.
First, the oddball patch: KB 3177723 makes adjustments to Windows to get rid of Daylight Savings Time in Egypt, which canceled DST on July 4, three days before it was scheduled to start. While it's undoubtedly difficult to program time zone changes, Microsoft has done it hundreds of times. The time zone change made it into the latest Windows 10 cumulative updates, released on Aug. 9, so why weren't the Win7/8.1 changes also issued on that day? And -- pardon me, those of you who live in Egypt -- what's so important about a time zone change that it has to appear in an out-of-band patch?
The other two patches are remarkable in that both are update rollups, which is like a test flight for cumulative updates. The Win 7 update rollup, KB 3179573, contains a couple of fixes that don't matter to most people. The Win 8.1 update rollup, KB 3179574, has dozens of fixes -- most of which won't matter to you, either.
What's notable about these patches: Microsoft has started documenting the changes in a master post. There's no description of the changes in the KB articles; to see what's being changed, you have to go to the Win 7 update history page or the Win 8.1 update history page. That's a big improvement.
Those of you who fought for the Windows 10 update history page should feel vindicated. Microsoft didn't start posting Win10 changelogs until the 12th cumulative update for version 1511, build 10586.318 -- a full 10 months after Win10's release. Now it seems we're going to get a changelog for Windows 7 and 8.1's cumulative updates from the get-go. Well done.
(Yes, I see where the Win7 history page says "Last Review: Aug. 10, 2016 - Revision: 20" and the Win 8.1 page claims "Last Review: Aug. 10, 2016 - Revision: 32." That's hogwash. In both cases there are two entries on the page, one for July 21 and one for Aug. 16 -- and if they first appeared before Aug. 16, I sure didn't see them.)
Also worthy of note: Both the Win 7 and the Win 8.1 update rollups contain fixes for earlier, botched Windows patches. The Win 7 update history page says this latest patch fixes a bug in KB 3161561, a June security patch. The Win 8.1 history page says the latest patch fixes bugs in that same June security patch, as well as KB 3072633, a July security patch.
If this is the start of a trend, that's another piece of good news. In the past, it often took a full month before bugs in Windows and Office were fixed -- Win10 cumulative updates appear infrequently and Office 365 security patches are only supposed to get updated once a month. As I've said many times, that's intolerable. A week ago, we found a printer bug in the Windows 10 cumulative updates. If Microsoft sticks to its once-a-month security patching strategy, that bug won't get fixed until September. Similarly, it took Microsoft a month to fix the Excel bug that prevented certain kinds of files from being opened correctly.
A acceptability of a one-month lag between security updates is debatable, but a one-month delay in fixing bad patches is inexcusable. Having that delay built into your patching procedure just doesn't make any sense. Perhaps we're seeing a softening of that self-destructive stance by Microsoft.
To be sure, many questions about the October change to Windows 7 and 8.1 updating remain unanswered. For example, I don't have any idea what Microsoft is going to do about Internet Explorer. In one of the comments to his "Further simplifying servicing models for Windows 7 and Windows 8.1" TechNet post yesterday, Nathan Mercer says:
We are working to get IE included in the monthly rollup and security-only update but do not have a confirmed schedule yet.
So we now have known exceptions to this new cumulative update vision, with exemptions for .Net, Flash, and IE.
For those who wish to retain control of their Win7 and 8.1 systems, the future may not be as bleak as it appears. In that same article, Mercer states:
Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month. Individual patches will no longer be available. The Security-only update will be available to download and deploy from WSUS, SCCM, and the Microsoft Update Catalog.
If I read that correctly, it means that folks who want to keep their PCs patched with security updates may be able to do so, without ceding all control over patching to Microsoft. The mechanism for controlling your own machine would involve blocking all updates and downloading each month's security patches: one month, one download. You wouldn't be able to pick and choose your security patches, but once that month's patches seem to be working, you could download and install them without using Windows Update.
There are a million questions about that approach. What if Microsoft pulls a bad patch? What about precedence and fixes for botched patches? The lack of individual patches may drive some third-party patch programs to distraction, if not oblivion. But in general, it may be possible for Windows 7 and 8.1 customers to install only the security updates and ignore all the nonsecurity stuff.
Maybe, just maybe, we'll see a time when Win7 and 8.1 users can patch their PCs without also installing the next "Get Windows 10."
Tip o' the hat to Susan Bradley