Demystify Patching and Release Cycles

Our last blog article explained the importance and concept of a public roadmap. While this was targeting more the release of new software or services, this also applies to patching. In the case of Microsoft, the patches for Windows and Windows Server are released every second Tuesday of the month, on the famous “Patch Tuesday”. This concept was introduced 15 years ago in October 2003. As you can imagine, the cloud has changed not only how often patches are getting released; also new capabilities such as Artificial Intelligence (AI) is getting leveraged to improve the quality.

Who is Who

However, before we go into the release cycles, it might be useful and essential to align with the wordings.

  • Update/Patch – update to fix a known bug or issue
  • Hotfix – update to fix a particular issue, not always publicly released
  • Update Rollup – Incremental update between service packs to fix multiple outstanding issues
  • Service Pack – a Large update that fixes many outstanding issues, includes typically all Patches, Hotfixes, Update Rollups.

In the Microsoft eco-system, updates are either delivered in the “General Distribution Release” (GDR) or the “Limited Distribution Release” (LDR) channel. GDR updates are available from Microsoft Update or Download Center. However, LDR updates are not released to the general public and must be received via Microsoft Support.

Update Strategy and its Rhythm

While patches initially have been released only once a month, this has been slightly changed over time. Today, there are different waves every week:

Cycle Description Timing
“B” release Primary and most important updates, release does include security fixes. Also known as “Patch Tuesday”Second Tuesday of each month
“C” release Preview of “B” release without security updates. Targeting older operating systems Third Tuesday of each month
“D” release Preview of “B” release without security updates. Fourth Tuesday of each month
Out-of-band release Emergencies, any update that does not follow the standard release schedule – most of the time for Security, where it’s time-critical to act. Think of patches for “Spectre” or “Meltdown”. Not planned

Updates that fix components that were found to have vulnerabilities are fixed based on the criticality of the vulnerability. Likelihood and severity of the vulnerability have a significant impact on how fast the patch is being released – either through the mainstream update cadence or an out-of-band update.

Not only the update strategy has evolved, but also the way the operating system is maintained has changed. You might have heard of the term, Windows as a Service. While this is applying for Windows 10, also Windows Server 2016 and newer will be delivered in different cadences. There are two primary release channels available for Windows Server, the Long-Term Servicing Channel, and the Semi-Annual Channel.

You said AI?

Indeed, it seems that Artificial Intelligence (AI) is everywhere, see also our article about Chat Bots. For the April 2018 update rollout, Microsoft used a new approach to spot issues during deployment of a feature update.
Based on feedback or telemetry data, an AI model indicates if there is an issue with the update on such a device/machine. This information allows the team within Microsoft to quickly adjust the deployment process. Throttling the deployment will prevent other potentially affected devices from being offered the update until the issue has been analyzed and fixed.
Using this AI model allows Microsoft to throttle the update rollout to customers without them needing to take any action. Early feedback from the first test:

Early returns are very positive: With over 250 million machines on the April 2018 Update, we see higher satisfaction numbers, fewer known issues, and lower support call volumes compared to previous Windows 10 releases.

You can read the full story on the Microsoft Blog: AI powers Windows 10 April 2018 Update rollout.

There’s just one more thing…

You may wonder why Microsoft has chosen the second Tuesday to release patches to the public? There are multiple factors to take into considerations which make Tuesday a perfect fit:

  • It gives you one extra day (Monday) to close any other issues from the previous week and plan the upcoming activities.
  • There will be a right amount of time to test and deploy the updates to the devices while still having time to respond to issues that may arise during the rest of the week.

While this sounds all good, there is just one thing to keep in mind; patches are released at 10 am Pacific Time. This means that updates are released by the time you leave for home on Tuesday.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.