Managing Updates and Patches in Windows 10

October 16, 2019 by Greg Belding

Introduction

Updates and patches are vital to maintaining information security standards on Windows systems. They respond to recent changes in the threat landscape, help fix preexisting bugs and apply recent service packs to your system.

Windows 10 offers a dramatically changed approach to managing updates and patches. This article details the Windows 10 approach, including where to find Windows Update, the Windows Update settings app and advanced settings.

The Windows 10 approach

Windows 10 is a departure from previous Windows versions. Previously, updates and patches were issued with next to no user customization capabilities. Windows 10 gives users the choice of how and when they can download and install the latest updates and patches. This helps create the smoothest-running and most secure Windows 10 system possible. 

Updates and patches are cumulative in Windows 10. Updates or patches missed in one month are caught up on when the user installs updates and patches in the next month. 

Where to find Windows Update in Windows 10

There are two ways to bring up Windows Update in Windows 10. 

  1. Click on Settings → Update & Security → Windows Update
  2. In the Windows 10 Cortana search bar, search for "Check for Windows updates". This will bring up the Windows Update window and check for current Windows updates that need to be downloaded and installed.

Windows Update settings app

Up until Windows 10 version 1703, managing updates and patches occurred within the group policy editor for enterprise deployments. As of version 1709, management has taken a more user-friendly turn by allowing users to determine how and when their Windows updates are installed. Changes are made by going to Settings → Windows Update → Advanced Options. 

Choose how updates are installed

In Advanced options, users are given three choices for how updates are installed:

  • Give me updates for other Microsoft products when I update Windows — on/off toggle
  • Automatically download updates, even over metered data connections — on/off toggle
  • Restart reminder

Choose when updates are installed

Advanced options offer more choices for the user to make than choosing how updates are installed. 

The first option is the branch readiness level. Semi-Annual Channel (Targeted) means that the updates are ready for most, but not all, organization employees. This means that feature updates are available when they are released to Windows Update. Semi-Annual Channel refers to updates ready for widespread use. This means that feature updates will not be available until Microsoft declares them ready for widespread use, generally around four months from the initial release.

Pausing updates

Windows 10 is the first version to allow pausing updates. Updates can be paused for up to 35 days. When updates have been paused once, Windows 10 requires the system to be updated before the system user can choose to pause updates again.

Update deferment

Windows 10 divides updates into two categories: feature updates, which relate to improvements and new capabilities, and quality updates, which are Windows security improvements. Users can choose how many days, if any, to defer these two categories of updates. 
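
The branch readiness, pause and deferment settings described above can be read back on a machine to confirm what is actually in effect. The following is an added example, not part of the original article: a read-only PowerShell report that assumes the settings were applied through policy (Group Policy or MDM) and are therefore stored under the Windows Update policy registry key; the function name `Get-UpdatePolicyReport` is hypothetical.

```powershell
# Added example (not from the original article). Read-only: nothing is changed.
# Assumption: deferral and pause were set through policy, which stores them under
# this key; a missing key or value means "not configured by policy".
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# Branch readiness level values used by the policy.
$Channels = @{ 16 = 'Semi-Annual Channel (Targeted)'; 32 = 'Semi-Annual Channel' }

function Get-UpdatePolicyReport {   # hypothetical helper name
    param([string]$Path = $PolicyKey)

    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    # Deferral days count only when the matching Defer* switch is set to 1.
    $featureDays = if ($p.DeferFeatureUpdates -eq 1) { [int]$p.DeferFeatureUpdatesPeriodInDays } else { 0 }
    $qualityDays = if ($p.DeferQualityUpdates -eq 1) { [int]$p.DeferQualityUpdatesPeriodInDays } else { 0 }

    # A pause is recorded as a start time; the article gives 35 days as the maximum.
    $pauseEnds = $null
    $start = [datetime]::MinValue
    if ($p.PauseQualityUpdatesStartTime -and
        [datetime]::TryParse($p.PauseQualityUpdatesStartTime, [ref]$start)) {
        $pauseEnds = $start.AddDays(35)
    }

    # Most recent installed update, as a cross-check against the policy values.
    $last = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    [pscustomobject]@{
        PolicyConfigured     = [bool]$p
        Channel              = $Channels[[int]$p.BranchReadinessLevel]
        FeatureDeferralDays  = $featureDays
        QualityDeferralDays  = $qualityDays
        QualityPausedUntil   = $pauseEnds
        LastUpdateId         = $last.HotFixID
        DaysSinceLastUpdate  = if ($last) { ((Get-Date) - $last.InstalledOn).Days } else { $null }
        # Quality updates carry the security fixes, so any delay on them is worth a look.
        SecurityFixesDelayed = ($qualityDays -gt 0) -or ($pauseEnds -and $pauseEnds -gt (Get-Date))
    }
}

Get-UpdatePolicyReport | Format-List
```

Settings chosen only in the Settings app, rather than through policy, are not stored under this key, so an empty report does not by itself prove that nothing is deferred.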

Windows feature update speed

Windows 10 focuses on constant evolution, where change does not come at prescribed times but on a continuous basis. 

Feature updates in previous versions of Windows, even previous variants of Windows 10, used to take a considerable amount of time to install. For example, the Windows 10 feature update (version 1703) installation time was around 82 minutes on average. In version 1709, this time was brought down to 51 minutes, with faster installation predicted in future versions.

Managing patches

Unlike updates, patches cannot be deferred or paused. Windows 10 takes a retroactive, cumulative approach to patch roll-ups, so those skipped in one month will reappear on the patch list in the next month. 

Patches don’t go away. If users don’t want the patch, it must be skipped every time Windows Update loads to prevent automatic install.

Conclusion

Windows 10 has taken a new approach toward managing updates and patches. Updates are more automatic and more user-friendly, offering the capability to defer and pause updates within time parameters. Pausing updates ensures a smoother system during use and allows pushing them to install during down times. Windows 10 patch management has gone the other direction, relegating more control to the system, requiring users to install patches as they are released.

Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.