Microsoft Further Simplifies their Windows 7 and 8.1 Servicing Model

After rolling out a new update process for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 last fall, Microsoft is making a couple of tweaks to that process to further improve it for enterprise and business customers.

Richard Hay, Senior Content Producer

January 17, 2017

5 Min Read
Microsoft Further Simplifies their Windows 7 and 8.1 Servicing Model

Last fall, when Microsoft rolled out their new servicing model for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 and, Windows Server 2012 R2 it was their intent to make the process of updating those operating systems similar to the Windows as a Service (WaaS) model that is now familiar to many companies and users with Windows 10 and other products and services.

Those updates use a rollup model and are there are three categories of updates under this new servicing model that has been in effect since October:

  • Security Monthly Quality Update (aka the Monthly Rollup) – New fixes are rolled into a single update, which includes both security and reliability fixes, as well as all fixes from previous rollups. Each new Monthly Rollup will supersede the previous, so installing the latest Monthly Rollup will ensure you have all fixes since the start of the model in October 2016. For example, the December 2016 Monthly Rollup contained all the fixes in the October and November Monthly Rollups.

  • Preview of Monthly Quality Rollup (aka the Preview Rollup) – New reliability fixes are first released in an optional Preview Rollup that enables early deployment of the new reliability fixes before they are included in the next Monthly Rollup.

  • Security Only Quality Update (aka the Security Only update) – In an alternative option released to WSUS and Microsoft Update Catalog only, new security fixes are also provided in a single Security Only update, which rolls all the security patches for that month into a single update. The Security Only update does not contain fixes from previous months, and allows enterprises to download as small of an update as possible to remain secure.

According to Microsoft, since this process rolled out it has provided a consistent process for remaining up to date on their systems.

The company is now tweaking this process for its enterprise and business customers who use WSUS, SCCM. the Microsoft Update Catalog, or other update management products to deploy updates on their networks. Note: Consumer customers will not see any changes to their rollup update process with these modifications.

Here are summaries of the two changes being made:

Deploying both the Security Only update and Monthly Rollup

Both the Monthly Rollups and Security Only updates are available on WSUS and the Microsoft Update Catalog, and both are published with the “Security updates” classification, enabling enterprise customers using WSUS or other update management tools to sync and deploy both updates, depending on their settings. To further simply installation and deployment in this scenario, the servicing model was updated in December 2016 to better handle the Security Only update installation applicability.

As of December 2016, a Security Only update will not be offered on a PC where a Monthly Rollup (from the same or later month) is already installed. This is accomplished through an applicability definition on the Security Only update, which checks for the installation of a Monthly Rollup (from the same or later month) to determine if it applicable on the PC. For example, if a PC attempts to install the February 2017 Security Only update, and the February 2017 (or later) Monthly Rollup is already installed, the Windows Update client will now report the Security Only update as not applicable. In addition to simplifying the installation scenario, tools that leverage such applicability for deployment reporting would see the Security Only update as not needed on the PC.

Additionally, as of December 2016, Security Only updates from earlier months (October and November 2016) were revised to leverage this applicability check, so it now applies to all Security Only updates released in the new servicing model. Finally, this applicability definition also checks for the installation of a Preview Rollup from the same or later month, which also includes the security fixes for that month.

Reducing the package size of the Security Only update

The Security Only update contains new security fixes for the Windows operating system, which includes Internet Explorer. Before October 2016, updates for the latest supported version of Internet Explorer (IE11 for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012 R2; IE10 for Windows Server 2012) were provided in a separate monthly update. From October 2016 to January 2017 we included any Internet Explorer fixes for that month in the Security Only update to allow you to also remain secure for the latest supported Internet Explorer version for your operating system, all by installing the single Security Only update.

This inclusion enabled a simplified update installation process, though the Internet Explorer updates constituted a significant percentage of the total Security Only update package size. Given that package size is one of the primary reasons some enterprise customers choose to leverage the Security Only update (to optimize for smaller download in limited bandwidth scenarios), these customers have requested increased flexibility for deploying the Security Only updates for Windows independently of the fixes for Internet Explorer.

Starting with February 2017, the Security Only update will not include updates for Internet Explorer, and the Internet Explorer update will again be available as a separate update for the operating systems listed above.

With this separation, the Security Only update package size will be significantly reduced, but you will need to deploy and install the Internet Explorer update to remain secure for the latest supported version of the browser. [Note that the Internet Explorer update will not install or upgrade to the latest supported version of Internet Explorer if not already present.]

The Monthly Rollup will continue to include updates for Internet Explorer, as a single additive update that provides all security and reliability fixes since the beginning of the new servicing model in October 2016. Users of the Monthly Rollup will not need to install the separate Internet Explorer update. To simplify installation for Monthly Rollup users, the new Internet Explorer update will leverage the same installation applicability definition as the Security Only update (explained above), meaning that it will not install on a PC that has already installed the Monthly Rollup (or Preview Rollup) from the same or later month.

You can read more about these changes at the Windows for IT Pros website.


Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and Devops? Check out IT/Dev Connections!

IT/Dev Connections

Read more about:


About the Author(s)

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – – came online in 1995. Back then I used GeoCities Web Hosting for it and is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like