Windows 7 and 8.x Forced Cumulative Updates

Good-bye A La Carte, Roll Out The Roll-ups


security-and-reliability-updates

Microsoft will impose a change to the way it will offer updates to pre-Windows 10 computers. No more picking and choosing between individual patches for security and system reliability. These patches will be offered only in a single “Convenience Roll-up” update. A Roll-up is multiple patches rolled into a single update package. The move will have two primary objectives: It will reduce update fragmentation among the millions of Windows computers out there, and it will simplify the update management system for Microsoft.

Changes to the way Microsoft will offer updates to older systems begin October. Basically, it will mirror how Windows 10 systems get their updates. The changes apply to Windows 7 SP1 and Windows 8.1. It also applies to Windows Server versions 2008 R2, 12 and 12 R2.

Unfortunately, for those who have taken a more selective approach to managing Windows updates, that level of control will no longer be an option. But, for Microsoft, it has the potential to reduce the complexity of the update process and the multiples of different problems that might arise from having so many computers with different sets of updates. This should make it easier for Microsoft to identify and correct problems the monthly update may cause on various systems.

Actually, I wonder why Microsoft didn’t make these changes a long time ago. Google also had fragmentation issues with their Android operating system. In a move to reduce the problem, the Android team eliminated the level of access cell phone companies had to the Android kernel. Until a couple of years ago, various cell service providers would make their own customizations to the Android kernel for branding and functionality modifications, but the cell providers were reluctant to push new security updates because it meant having to spend resources on fixing millions of cell phones already in the wild, rather than focusing those resources on new products that would add to the company’s bottom line. Keeping the Android kernel intact gave Google more control over distributing security updates and significantly reducing OS version fragmentation, which continues to improve.

Microsoft’s big hope is that reduced update fragmentation in the world’s computers running supported versions of Windows will improve Windows security and system reliability. It will certainly improve the predictable impact of the monthly update on Windows systems.

The plan is to release monthly Roll-ups that address both security and reliability issues in a single update. It will be published to Windows Updates servers, USUS, SCCM, and the Microsoft Update Catalog. Each month, the new update will supersede the previous month’s Roll-up, so there will only be one update to deal with to get your computer current.


Microsoft plans to proactively add patches from the past to Monthly Roll-up until it becomes fully cumulative. This means that updates you have purposely avoided in the past will no longer be avoidable. This will be troubling for many who have been hyper-vigilant in filtering what updates they want on their computers, and which ones they don’t. For example, it will now be much more difficult to avoid Microsoft’s determined efforts to infect your Windows 7 machine with their intrusive telemetry measures. Ugh!

For enterprises, a single Security-only update will also be released each month. It will Roll-up that month’s security patches into a single update. Individual security patches will not be available.

These changes to the Windows Update process were announced in a post on Microsoft’s TechNet blog by senior product marketing manager, Nathan Mercer. You can read more details about the planned changes there.

What do you think about these changes to Windows Update? Has Microsoft finally found a way to defeat the Windows 7 hold-outs from avoiding new Windows telemetry efforts?


About the Author

Daniel Banks

Daniel Banks is a computer enthusiast and part time tech. He began his computing career in the early ’90s with a state-of-the-art 486 computer. Playing Kong when he should have been working, he quickly became a master at throwing exploding bananas. RAM was measured in kilobytes… computers only came in one color… getting online made lots of noise and AOL was the internet… or, so we thought. Daniel has been building custom computers for himself and others for over 25 years. His current box was built back in 2008, sporting a Gigabyte mainboard, over-clocked i7 Quad Core engine, 8GB RAM, and an antiquated, over-clocked video card that still gets the job done, running a carefully manicured Win7 OS. Don’t ask where he got the OS. Dan has always had a passion for computers and all things geek. We hope you enjoy his articles.

There are 16 comments

Your email address will not be published. Required fields are marked *