Say goodbye to individual patches on Windows 7 and 8

Microsoft will change how patches and updates are delivered to devices running Windows 7 or Windows 8.

There is a bit of light and a lot of shadow when it comes to the new system that Microsoft has used for Windows 10 ever since the operating system launched.

Let’s recap what changes and how that may affect your updating strategy.

Microsoft moves from a one patch per issue update model to a cumulative update model known from Windows 10.

The company plans to release two patches in total for devices running Windows 7 or 8: the first is a cumulative security update that includes all security patches of the given month.

These monthly rollups are cumulative which means that they include all patches that were added to previous rollup updates. Microsoft plans to integrate all available patches -- that were published prior to October 2016 -- eventually as well so that a single monthly rollup patch installs all patches released for Windows 7 or 8.

Microsoft will make available certain updates separately. This includes update for Microsoft's .NET Framework, and for Internet Explorer 11.

Additionally, driver updates won't be included in those patches, and out-of-band security updates will be published as soon as they are available. They will be added to the next monthly rollup patch and security update automatically.

What's good about the change

If you look at the new patching strategy you will notice that patching will get easier on first glance provided that things work.

Users who update Windows through Windows Update need to install a single patch instead of several. 

This may be especially useful when a new system is set up as it may take a while for patches to be retrieved on first use of Windows Update.

The downside

Microsoft's new patching strategy is quite problematic for system administrators and many end users. 

The past has shown for instance that Microsoft does release patches every now and then that cause issues on the operating system. Some issues caused blue screens or endless reboot loops.

Users could remove the update responsible for that once it was identified, but that is no longer possible when the new updating system hits.

This means that you need to uninstall an entire month worth of security updates, or a monthly rollup update, to resolve the issue.

This leaves the system vulnerable to patched security vulnerabilities that did not cause any issues on the device.

Considering that it sometimes takes weeks or even longer to produce a working patch, this could leave systems vulnerable for a long time.

While that is bad enough, it gets worse...

If you don't trust Microsoft enough because of its actions in the past then you may not want those cumulative updates. The reason is simple: you cannot block updates that you don't want anymore.

Anyone who wants control over which updates get installed or removed cannot do that anymore. It is either all or nothing, with no middle-ground!