With my previous article finishing the discussion on Windows 10 branch upgrades, I will now tackle Windows 10 cumulative updates or patching.
Windows 10 patching is one of the biggest changes and challenges for enterprises as they roll out this operating system. Unlike older versions, Windows 10 takes a new approach to patching with cumulative updates, whose granularity and size will affect third-party application compatibility and general operating stability. This article will explore the changes and what to expect.
Cumulative updates vs. single patches
The first thing to notice is the cumulative nature of the updates. Unlike previous versions of Windows, there are no individual patches. This is changing somewhat in October 2016 for Windows 7, 8.1, and Server 2012, but that is still not the same thing. Windows 10 cumulative updates contain all fix types and are additive from release to release, meaning each update contains all previous updates.
Security and non-security
Somewhat obscured is the fact that Windows 10 cumulative updates include both security and non-security patches. This may account for the size (see below). Documentation for the security fixes can still be found on the TechNet Security Bulletin webpage, while the less detailed non-security fix documentation is found on the Windows 10 Update History webpage.
Third-party application impact
With the cumulative nature of Windows 10 updates, there will be third-party application compatibility issues. Most customers we speak with encounter issues with a patch a few times a year. Now, with cumulative updates, customers who encounter issues will need to make the difficult decision between application availability and security. This is because, unlike the granular patches of the past, one must choose to apply or not apply an entire update. Should one choose not to apply one month's update, the problem compounds, as the next month's update also cannot be applied. So instead of being exposed to one or two vulnerabilities fixed by a single patch, not applying a cumulative update would expose that system to a dozen or more vulnerabilities.
A recent example was the incompatibility of the Windows 10 January update with Citrix XenDesktop. In that case, the update would not even install if an incompatible version of XenDesktop was detected. Citrix was able to create a fix in a few days, and the update could then be applied.
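The compounding exposure described above can be modeled month by month. The following is an added example, not part of the original article; the month labels, vulnerability IDs, and the `open_vulns` helper are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Release:
    month: str                            # constructed release label
    fixes: frozenset                      # vulnerabilities first fixed this month
    breaks_app: frozenset = frozenset()   # fixes that break the third-party app

def open_vulns(releases, model, app_fixed_in=None):
    """Per month, the published fixes that are still not installed.

    model: "granular" skips only the breaking patch; "cumulative"
    installs the whole update or nothing.
    app_fixed_in: month the vendor ships a compatible app version, if ever.
    """
    published, breaking, installed = set(), set(), set()
    app_ok, timeline = False, {}
    for r in releases:
        published |= r.fixes
        breaking |= r.breaks_app
        app_ok = app_ok or r.month == app_fixed_in
        blocked = set() if app_ok else breaking
        if model == "granular":
            installed = published - blocked
        elif not blocked:
            installed = set(published)
        # cumulative and blocked: this update carries the breaking fix,
        # so nothing released since the last good update gets installed.
        timeline[r.month] = sorted(published - installed)
    return timeline

# Constructed sample: one fix in M2 conflicts with a third-party application.
RELEASES = [
    Release("M1", frozenset({"V1", "V2"})),
    Release("M2", frozenset({"V3", "V4", "V5"}), frozenset({"V4"})),
    Release("M3", frozenset({"V6", "V7"})),
    Release("M4", frozenset({"V8"})),
]

if __name__ == "__main__":
    for model in ("granular", "cumulative"):
        for fix_month in (None, "M3"):
            result = open_vulns(RELEASES, model, fix_month)
            counts = {m: len(v) for m, v in result.items()}
            print(f"{model:10} vendor fix={fix_month}: {counts}")
```

With no vendor fix, the granular model leaves one vulnerability open throughout, while the cumulative model's open set grows every month until the application is made compatible.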
Big and growing
With Windows 10 cumulative updates comes size. As you can see from the tables below, updates are specific to a branch, grow massively over time, but do reset in size with the release of a new branch.
Windows 1507 Cumulative Update Sizes
|Update||x86 Size (MB)||x64 Size (MB)|
Windows 1511 Cumulative Update Sizes
|Update||x86 Size (MB)||x64 Size (MB)|
Windows 1607 Cumulative Update Sizes
|Update||x86 Size (MB)||x64 Size (MB)|
To help comprehend the size of the updates, here are a couple of stats for consideration:
- The 1507 x64 cumulative update on September 13, 2016 is 177% larger than the first update released on August 18, 2015
- The 1511 x64 cumulative update on September 13, 2016 is 2069% larger than the first update released on November 15, 2015
- The total size of individual patches for Windows 8.1 x64 on September 13, 2016 was 84.3 MB. The corresponding sizes of Windows 10 x64 cumulative updates for 1507, 1511, and 1607 were 12.1, 12.5, and 5.1 times larger respectively
- At the current growth rate, the 1511 x64 cumulative update could top 2 GB in size in early 2017
As with previous articles, here are some key takeaways on Windows 10 Cumulative Updates:
- Updates are cumulative, making it nearly impossible to skip a patch without creating significant risk
- Updates include security and non-security fixes
- Third-party application compatibility will be a bigger issue in Windows 10 than in previous versions of Windows
- Cumulative updates start out big and become enormous over time