Windows 7 and 8.x Forced Cumulative Updates

Good-bye A La Carte, Roll Out The Roll-ups


security-and-reliability-updates

Microsoft will impose a change to the way it will offer updates to pre-Windows 10 computers. No more picking and choosing between individual patches for security and system reliability. These patches will be offered only in a single “Convenience Roll-up” update. A Roll-up is multiple patches rolled into a single update package. The move will have two primary objectives: It will reduce update fragmentation among the millions of Windows computers out there, and it will simplify the update management system for Microsoft.

Changes to the way Microsoft will offer updates to older systems begin October. Basically, it will mirror how Windows 10 systems get their updates. The changes apply to Windows 7 SP1 and Windows 8.1. It also applies to Windows Server versions 2008 R2, 12 and 12 R2.

Unfortunately, for those who have taken a more selective approach to managing Windows updates, that level of control will no longer be an option. But, for Microsoft, it has the potential to reduce the complexity of the update process and the multiples of different problems that might arise from having so many computers with different sets of updates. This should make it easier for Microsoft to identify and correct problems the monthly update may cause on various systems.

Actually, I wonder why Microsoft didn’t make these changes a long time ago. Google also had fragmentation issues with their Android operating system. In a move to reduce the problem, the Android team eliminated the level of access cell phone companies had to the Android kernel. Until a couple of years ago, various cell service providers would make their own customizations to the Android kernel for branding and functionality modifications, but the cell providers were reluctant to push new security updates because it meant having to spend resources on fixing millions of cell phones already in the wild, rather than focusing those resources on new products that would add to the company’s bottom line. Keeping the Android kernel intact gave Google more control over distributing security updates and significantly reducing OS version fragmentation, which continues to improve.

Microsoft’s big hope is that reduced update fragmentation in the world’s computers running supported versions of Windows will improve Windows security and system reliability. It will certainly improve the predictable impact of the monthly update on Windows systems.


The plan is to release monthly Roll-ups that address both security and reliability issues in a single update. It will be published to Windows Updates servers, USUS, SCCM, and the Microsoft Update Catalog. Each month, the new update will supersede the previous month’s Roll-up, so there will only be one update to deal with to get your computer current.

Microsoft plans to proactively add patches from the past to Monthly Roll-up until it becomes fully cumulative. This means that updates you have purposely avoided in the past will no longer be avoidable. This will be troubling for many who have been hyper-vigilant in filtering what updates they want on their computers, and which ones they don’t. For example, it will now be much more difficult to avoid Microsoft’s determined efforts to infect your Windows 7 machine with their intrusive telemetry measures. Ugh!

For enterprises, a single Security-only update will also be released each month. It will Roll-up that month’s security patches into a single update. Individual security patches will not be available.

These changes to the Windows Update process were announced in a post on Microsoft’s TechNet blog by senior product marketing manager, Nathan Mercer. You can read more details about the planned changes there.

What do you think about these changes to Windows Update? Has Microsoft finally found a way to defeat the Windows 7 hold-outs from avoiding new Windows telemetry efforts?


About the Author

Daniel Banks

Daniel Banks is a computer enthusiast and part time tech. He began his computing career in the early '90s with a state-of-the-art 486 computer. Playing Kong when he should have been working, he quickly became a master at throwing exploding bananas. RAM was measured in kilobytes... computers only came in one color... getting online made lots of noise and AOL was the internet... or, so we thought. Daniel has been building custom computers for himself and others for over 25 years. His current box was built back in 2008, sporting a Gigabyte mainboard, over-clocked i7 Quad Core engine, 8GB RAM, and an antiquated, over-clocked video card that still gets the job done, running a carefully manicured Win7 OS. Don’t ask where he got the OS. Dan has always had a passion for computers and all things geek. We hope you enjoy his articles.

16 Comments

  1. Well this sucks! I avoided Win 10 for this very reason, and now they have screwed up 7 and 8.1. I have limited internet and pay by the MB so this will no doubt cost me money. It is my computer and I should be able to decide what and when I download. I hope they don’t force updates for things I don’t use like Outlook etc. I guess I will be buying my Mac walker than expected and say good riddance to MS for ever. UGH!!

  2. Scandalous !
    I cease to apply the updates (earlier than expected)!
    I have a good antivirus an images of the PC… that’ll do in my case.

    • Thanks for the askwoody suggestion. Very interesting read. Well worth the visit and I will continue to follow his site. Looks like a Mac is in my future.

  3. > Has Microsoft finally found a way to defeat the Windows 7 hold-outs
    > from avoiding new Windows telemetry efforts?

    Nah, if the rollout of this new approach is October then towards the end of September I will be doing my final Win7 update. The O/S has been out for 7 long years now and if MS hasn’t fixed all the “System” problems by now they are never going to. As far as “Security” issues, I don’t need MS for that as I’ve got better anti-virus and anti-malware software. So a hearty sayonara to MS system/security/telemetry updates, it was fun while I knew ya…

  4. In other words, if one update causes problems (something not uncommon according to what I hear from Windows 10 users), you will have the choice of all or nothing. It would not be surprising if this results in more people ceasing to do any updates.

  5. Windows update has been completely disabled the last couple times I have re-installed Windows 7, because of some rogue program I tested. Not just in the options, but in the services.msc. If that’s not enough, I delete anything related to updates (WUA), and replace it with another program.

    Enough said.

  6. I too will be joining the ranks of those who will cease getting updates from M$ for my two Win 7 devices.

  7. Turned my W7 updates off a long time ago. I do a check every now and then but all it does is run and run and etc.

    • Unless you install the new Windows Update, it will not install any new security or stability updates. Micro$oft has changed the update service.
      Windows 7 SP1 and 8.x need the new Windows 10 style Update program.

  8. I will just deactivate windows updates or mark the roll-ups as hide. I like my privacy. What I do with my, and I emphasize MY, machine is not the business of Micro$oft!