Windows Update – What Is It Good For?

As is sometimes the case, this blog post is inspired by me being wrong or making an inaccurate statement (and then doing a bunch of research). This time, the statement was about what updates are released on “Patch Tuesday”. First, know that “Patch Tuesday” is not an official Microsoft term but is commonly used and accepted by most (if not all) folks as being the once a month day (always the second Tuesday of the month) when Microsoft releases security fixes to their products. From this stems a series of implications and/or misperceptions:

  • Only security updates are published on Patch Tuesday. This is false. There are in fact many other updates (potentially) released on Patch Tuesday. (This is the one that I was getting wrong, thanks Marty.)
References: Description of Software Update Services and Windows Server Update Services changes in content for 2014, 20132012, 2011, 2010, 2009, 2008
  • Security updates and bulletins are only published on Patch Tuesday. This is true, at least intent wise and is the whole point of Patch Tuesday. As we all know, they do release out of band, high priority security updates on occasion though. One other item of interest that is often asked about is whether there is a scheduled time for the release of these security bulletins and updates. The answer is yes: 10AM Pacific time; i.e., the time zone the Microsofties in Redmond are used to.
  • The second Tuesday of the month is the only scheduled day every month that Microsoft uses to release updates. This is also false. There are in fact two “Patch Tuesdays” every month: the second and fourth Tuesdays of every month. As mentioned in the previous bullet point though, the fourth Tuesday is not used to release scheduled security updates though.
  • Every update that Microsoft releases is available from Windows Updates and/or via the Windows Update Catalog. This is false. The Windows Update Catalog contains a small subset of the updates that Microsoft creates for its many products. The product teams for the various products in conjunction with the Windows Update team (to my knowledge) determine what actually goes into the catalog. Generally, the updates chosen to go into the catalog are updates that they feel all customers should install or at least should have access easy to.
  • Windows Update, WSUS, and ConfigMgr Software Updates all have the same list of updates. This is a solid “it depends”. The links from the first bullet point above have all of the updates released and to which list they are released. There are in fact five separate lists that updates are released to: Windows Update, Microsoft Update, Important/Automatic Updates, WSUS, and Catalog. Why updates make into each list is a bit murky and I can’t find anything definitive; however, each appears to have a different historic reason for its existence but all have more or less been collapsed (don’t count on that though, check the KBs linked in the first bullet point to verify). It is true however that ConfigMgr directly pulls its update list from WSUS so those two methods do have the same list of updates. Although if you’re not using ConfigMgr, you’re doing it wrong :-)

Written by , Posted .