Windows 10 is known for many things, and Microsoft changed a great deal of the logic behind the scenes; the same is true on the server side with Windows Server 2016. One of these changes concerns patching, which has changed completely compared with the past thanks to a great deal of feedback from users who were tired of fighting with a huge number of updates, hours of waiting and complicated procedures.
Good work, Microsoft, but from the beginning the product team found a limitation in the main model: the end-user experience was not great, in particular regarding the waiting time. A new model also brings new terms, and in most cases IT admins do not know what they mean or how they differ. So keep calm and read this article to learn more about Windows Updates.
First of all, there are three types of updates:
Full Update – this package contains all the patches released since RTM. For example, if you download the latest Cumulative Update (August) for Windows 10 1803, which was released in April, your machine will apply all the updates without you having to do anything else. The package is large, roughly 1.2GB per CU, and the load on the network, and also on the CPU, is high. The distribution channel is Microsoft Update.
Express Update – this package contains only the patches needed to fix the computer and uses a network protocol to determine the optimal differentials, then downloads only what is needed, which is typically around 150-200 MB each month. The load on the update server is heavy because an Express Update is around 6-7GB, since the package contains N-5 updates. The distribution channels are Windows Update, WSUS and any third-party update manager that supports express updates.
Quality Update – this package will be introduced with, and only for, Windows 10 1809 and Windows Server 2019. The goal is to emulate the Full Update, with the difference that the package should be very small thanks to a new compression method. For organizations this means reducing bandwidth usage by up to 40%, with or without a patching platform. Standalone machines will also save network bandwidth seamlessly when downloading the package, thanks to the smaller size of the update. For example, the size of the first update will be 40MB, rising to as much as 150MB for the Full Update. The distribution channels will be Microsoft Update, Windows Update, WSUS and all third-party update managers.
Figure 1 – Update Sizing
As I said, the Quality Update will be released only for v1809 and above; for the “legacy” operating systems the patching methods are Full and Express Update.
As with the types, there are different classes of update:
“B” Release – this is the classic Patch Tuesday, published on the second Tuesday of each month. These updates are the primary and most important of all the monthly update events and are the only regular releases that include new security fixes.
“C” and “D” Release – these updates are released in the third and fourth weeks of the month and contain only non-security updates. They are intended to provide visibility and testing of the planned non-security fixes targeted for the next month’s Update Tuesday release. For example, the April 2018 CU (4D) fixed an issue with S2D. These updates are then shipped as part of the following month’s “B” or Update Tuesday release.
Out-of-Band Release – any update that does not follow the standard release schedule. These are reserved for situations where devices must be updated immediately, either to fix security vulnerabilities or to solve a quality issue impacting many devices.
With all of these classes, it can seem normal to wait weeks before deploying patches, and ordinary users may have doubts about when to update their servers. There is no official rule about patching, but it is fundamental to keep your machines updated, at least to N-1, to avoid instability and security problems (don’t forget CryptoLocker). Patching is also a prerequisite before opening a ticket with the Support Team, because the latest patch could fix the bug that you have. The C and D releases must be installed only if there is a critical bug affecting your infrastructure (for example S2D).
Don’t forget to follow the product team blog for known issues and recommendations about patching. Last but not least, remember that installing a patch without restarting the server is not supported.
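The B/C/D cadence and the N-1 rule described above can be checked mechanically. The following Python is an added example, not code from the original article or from Microsoft: it computes Patch Tuesday, classifies a release date, and lists the hosts that are below N-1. The host names, the inventory and the 7- and 14-day offsets used for the C and D weeks are assumptions made for illustration.

```python
from datetime import date, timedelta

def patch_tuesday(year, month):
    """Date of the "B" release: the second Tuesday of the month."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7   # weekday(): Mon=0, Tue=1
    return first + timedelta(days=to_first_tuesday + 7)

def release_class(released):
    """Classify a release date as B, C, D or OOB (out-of-band).
    Assumption: the C and D weeks start 7 and 14 days after Patch Tuesday."""
    delta = (released - patch_tuesday(released.year, released.month)).days
    if delta == 0:
        return "B"
    if 7 <= delta < 14:
        return "C"
    if 14 <= delta < 21:
        return "D"
    return "OOB"

def _previous_month(year, month):
    return (year, month - 1) if month > 1 else (year - 1, 12)

def n_minus_1_baseline(today):
    """Date of the B release before the most recent one as of `today`."""
    latest = patch_tuesday(today.year, today.month)
    if today < latest:                      # this month's B is not out yet
        latest = patch_tuesday(*_previous_month(today.year, today.month))
    return patch_tuesday(*_previous_month(latest.year, latest.month))

def hosts_below_n_minus_1(inventory, today):
    """Hosts whose newest installed CU predates the N-1 B release."""
    baseline = n_minus_1_baseline(today)
    return sorted(h for h, cu_date in inventory.items() if cu_date < baseline)

# Constructed inventory: host -> release date of its newest installed CU.
INVENTORY = {
    "srv-s2d-01": date(2018, 7, 24),   # July D release
    "srv-file-02": date(2018, 7, 10),  # July B release (N-1 in late August)
    "srv-web-03": date(2018, 6, 12),   # June B release (N-2)
}

if __name__ == "__main__":
    today = date(2018, 8, 20)
    for host, cu in sorted(INVENTORY.items()):
        print(host, cu, release_class(cu))
    print("below N-1:", hosts_below_n_minus_1(INVENTORY, today))
```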