Windows Update on Windows 10 in light mode, showing PC is up-to-date
|Other names||Microsoft Update|
|Service name||Windows Update|
Windows Update is a Microsoft service for the Windows 9x and Windows NT families of operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Windows, as well as the various Microsoft antivirus products, including Windows Defender and Microsoft Security Essentials. Since its inception, Microsoft has introduced two extensions of the service: Microsoft Update and Windows Update for Business. The former expands the core service to include other Microsoft products, such as Microsoft Office and Microsoft Expression Studio. The latter is available to business editions of Windows 10 and permits postponing updates or receiving updates only after they have undergone rigorous testing.
As the service has evolved over the years, so have its client software. For a decade, the primary client component of the service was the Windows Update web app that could only be run inside Internet Explorer. Starting with Windows Vista, the primary client component became Windows Update Agent, an integral component of the operating system.
The service provides several kinds of updates. Security updates or critical updates mitigate vulnerabilities against security exploits against Microsoft Windows. Cumulative updates are updates that bundle previously released updates. Cumulative updates were introduced with Windows 10 and have been backported to Windows 7 and Windows 8.1.
Microsoft routinely releases updates on the second Tuesday of each month (known as the Patch Tuesday), but can provide them whenever a new update is urgently required to prevent a newly discovered or prevalent exploit. System administrators can configure Windows Update to install critical updates for Microsoft Windows automatically, so long as the computer has an Internet connection.
Windows Update web app
Windows Update was introduced as a web app with the launch of Windows 98 and offered additional desktop themes, games, device driver updates, and optional components such as NetMeeting. Windows 95 and Windows NT 4.0 were retroactively given the ability to access the Windows Update website and download updates designed for those operating systems, starting with the release of Internet Explorer 4. The initial focus of Windows Update was free add-ons and new technologies for Windows. Security fixes for Outlook Express, Internet Explorer and other programs appeared later, as did access to beta versions of upcoming Microsoft software, e.g. Internet Explorer 5. Fixes to Windows 98 to resolve the Year 2000 problem were distributed using Windows Update in December 1998. Microsoft attributed the sales success of Windows 98 in part to Windows Update.
The Windows Update web app requires either Internet Explorer or a third-party web browser that supports the ActiveX technology. The first version of the web app, version 3, does not send any personally-identifiable information to Microsoft. Instead, the app downloads a full list of every available update and chooses which one to download and install. But the list grew so large that the performance impact of processing became a concern. Arie Slob, writing for the Windows-help.net newsletter in March 2003, noted that the size of the update list had exceeded 400 KB, which caused delays of more than a minute for dial-up users. Windows Update v4, released in 2001 in conjunction with Windows XP, changed this. This version of the app makes an inventory of the system's hardware and Microsoft software and sends them to the service, thus offloading the processing burden to Microsoft servers.
Critical Update Notification Utility
Critical Update Notification Utility (initially Critical Update Notification Tool) is a background process that checks the Windows Update web site on a regular schedule for new updates that have been marked as "Critical". It was released shortly after Windows 98.
By default, this check occurs every five minutes, plus when Internet Explorer starts; however, the user could configure the next check to occur only at certain times of the day or on certain days of the week. The tool queries the Microsoft server for a file called "
cucif.cab", which contained a list of all the critical updates released for the operating system. The tool then compares this list with the list of installed updates on its machine and displays an update availability notification. Once the check is executed, any custom schedule defined by the user is reverted to the default. Microsoft stated that this ensures that users received notification of critical updates in a timely manner.
An analysis done by security researcher H. D. Moore in early 1999 was critical of this approach, describing it as "horribly inefficient" and susceptible to attacks. In a posting to BugTraq, he explained that, "every single Windows 98 computer that wishes to get an update has to rely on a single host for the security. If that one server got compromised one day, or an attacker cracks the [Microsoft] DNS server again, there could be millions of users installing trojans every hour. The scope of this attack is big enough to attract crackers who actually know what they are doing..."
Microsoft continued to promote the tool through 1999 and the first half of 2000. Initial releases of Windows 2000 shipped with the tool. The tool did not support Windows 95 and Windows NT 4.0.
Automatic Updates is the successor of the Critical Update Notification Utility. It was released in 2000, along with Windows Me. It supports Windows 2000 SP3 as well.
Unlike its predecessor, Automatic Updates can download and install updates. Instead of the five-minute schedule used by its predecessor, Automatic Updates checks the Windows Update servers once a day. After Windows Me is installed, a notification balloon prompts the user to configure the Automatic Updates client. The user can choose from three notification schemes: Being notified before downloading the update, being notified before installing the update, or both.
Windows XP and Windows 2000 SP3 include Background Intelligent Transfer Service, a Windows service for transferring files in the background without user interaction. As a system component, it is capable of monitoring the user's Internet usage, and throttling its own bandwidth usage in order to prioritize user-initiated activities. The Automatic Updates client for these operating systems was updated to use this system service.
Automatic Updates in Windows XP gained notoriety for repeatedly interrupting the user while working on their computer. Every time an update requiring a reboot was installed, Automatic Updates would prompt the user with a dialog box that allowed the user to restart immediately or dismiss the dialog box, which would reappear in ten minutes; a behavior that Jeff Atwood described as "perhaps the naggiest dialog box ever."
In 2013, it was observed that shortly after the startup process, Automatic Updates (
wuauclt.exe) and Service Host (
svchost.exe) in Windows XP would claim 100% of a computer's CPU capacity for extended periods of time (between ten minutes to two hours), making affected computers unusable. According to Woody Leonhart of InfoWorld, early reports of this issue could be seen in Microsoft TechNet forums in late May 2013, although Microsoft first received large number of complaints about this issue in September 2013. The cause was an exponential algorithm in the evaluation of superseded updates which had grown large over the decade following the release of Windows XP. Microsoft's attempts to fix the issue in October, November and December proved futile, causing the issue to be escalated to the top priority.
Windows Update Agent
Starting with Windows Vista and Windows Server 2008, Windows Update Agent replaces both the Windows Update web app and the Automatic Updates client. It is in charge of downloading and installing software update from Windows Update, as well as the on-premises servers of Windows Server Updates Services or System Center Configuration Manager.
Windows Update Agent can be managed through a Control Panel applet, as well as Group Policy, Microsoft Intune and Windows PowerShell. It can also be set to automatically download and install both important and recommended updates. In prior versions of Windows, such updates were only available through the Windows Update web site. Additionally, Windows Update in Windows Vista supports downloading Windows Ultimate Extras, optional software for Windows Vista Ultimate Edition.
Unlike Automatic Updates in Windows XP, Windows Update Agent in Windows Vista and Windows 7 allows the user to postpone the mandatory restart (required for the update process to complete) for up to four hours. The revised dialog box that prompts for the restart appears under other windows, instead of on top of them. However, standard user accounts only have 15 minutes to respond to this dialog box. This was changed with Windows 8: Users have 3 days (72 hours) before the computer reboots automatically after installing automatic updates that require a reboot. Windows 8 also consolidates the restart requests for non-critical updates into just one per month. Additionally, the login screen notifies them of the restart requirements.
Windows Update Agent makes use of the Transactional NTFS feature introduced with Windows Vista to apply updates to Windows system files. This feature helps Windows recover cleanly in the event of an unexpected failure, as file changes are committed atomically.
Windows 10 contains major changes to Windows Update Agent operations; it no longer allows the manual, selective installation of updates. All updates, regardless of type (this includes hardware drivers), are downloaded and installed automatically, and users are only given the option to choose whether their system would reboot automatically to install updates when the system is inactive, or be notified to schedule a reboot. Microsoft offers a diagnostic tool that can be used to hide troublesome device drivers and prevent them from being reinstalled, but only after they had been already installed, then uninstalled without rebooting the system.
Windows Update Agent on Windows 10 supports peer to peer distribution of updates; by default, systems' bandwidth is used to distribute previously downloaded updates to other users, in combination with Microsoft servers. Users may optionally change Windows Update to only perform peer to peer updates within their local area network.
Windows 10 also introduced cumulative updates. For example, if Microsoft released updates KB00001 in July, KB00002 in August, and KB00003 in September, Microsoft would release cumulative update KB00004 which packs KB00001, KB00002, and KB00003 together. Installing KB00004 will also install KB00001, KB00002 and KB00003, mitigating the need for multiple restarts and reducing the number of downloads needed. However, a disadvantage of cumulative updates is that downloading and installing updates that fix individual problems is no longer possible.
Windows Update for Business
Windows Update for Business is a term for a set of features in the Pro, Enterprise and Education editions of Windows 10, including:
- The ability to change the Windows 10 release branch from the default "Semi-Annual Channel (Targeted)" (formerly "Current Branch" or "CB") to "Semi-Annual Channel" (formerly "Current Branch for Business" or "CBB"), or vice versa. The former offers feature updates as soon as they are released. The latter offers feature updates with a four-month delay, so that they may receive further testing.
- The ability to delay quality updates for up to 30 days.
- The ability to delay feature updates for up to 365 days.
These features were added in Windows 10 version 1511. They are intended for large organizations with lots of computers, so that they can logically group their computers for gradual deployment. Microsoft recommends a small set of pilot computers to receive the updates almost immediately, while the set of most critical computers to receive them after every other group has done so, and has experienced their effects.
Other Microsoft update management solutions, such as Windows Server Update Services or System Center Configuration Manager, do not override Windows Update for Business. Rather, they force Windows 10 into the "dual scan mode". This can cause confusion for administrators who do not comprehend the full ramifications of the dual scan mode.
Complementary software and services
As organizations continued to use more computers, the per-machine Windows Update clients started to become unwieldy and insufficient. In response to the need of organizations for deploying updates to many machines, Microsoft introduced what was ultimately called Windows Server Update Services (WSUS). WSUS downloads updates for Microsoft product to a server computer on which it is running and redistributes them to the computers within the organization over a local area network (LAN). One of the benefits of this method is a reduction in the consumption of Internet bandwidth, equal to (N-1)×S, where N is the number of computers in the organization and S is the size made by the updates. Additionally, WSUS permits administrators to test updates on a small group of test computers before deploying them to all systems, in order to ensure that business continuity is not disrupted because of the changes of the updates. For very large organizations, multiple WSUS servers can be chained together hierarchically. Only one server in this hierarchy downloads from the Internet. WSUS is a component of the Windows Server family of operating systems.
Update packages distributed via the Windows Update service can be individually downloaded from Microsoft Update Catalog. These updates can be delivered to computers without any network connections (e.g. using a USB flash drive) or used deploy Microsoft products in pre-updated state. In case of the former, Windows Update Agent (
wusa.exe) can install these files. In case of the latter, Microsoft deployment utilities such as DISM, WADK and MDT can consume these packages.
Microsoft offers System Center Configuration Manager for very complex deployment and servicing scenarios. The product integrates with all of the aforesaid tools (WSUS, DISM, WADK, MDT) to automate the process.
As of 2008, Windows Update had about 500 million clients, processed about 350 million unique scans per day, and maintained an average of 1.5 million simultaneous connections to client machines. On Patch Tuesday, the day Microsoft typically releases new software updates, outbound traffic could exceed 500 gigabits per second. Approximately 90% of all clients used automatic updates to initiate software updates, with the remaining 10% using the Windows Update web site. The web site is built using ASP.NET, and processes an average of 90,000 page requests per second.
Traditionally, the service provided each patch in its own proprietary archive file. Occasionally, Microsoft released service packs which bundled all updates released over the course of years for a certain product. Starting with Windows 10, however, all patches are delivered in cumulative packages. On 15 August 2016, Microsoft announced that effective October 2016, all future patches to Windows 7 and 8.1 would become cumulative as with Windows 10. The ability to download and install individual updates would be removed as existing updates are transitioned to this model. This has resulted in increasing download sizes of each monthly update. An analysis done by Computerworld determined that the download size for Windows 7 x64 has increased from 119.4MB in October 2016 to 203MB in October 2017. Initially, Microsoft was very vague about specific changes within each cumulative update package. However, since early 2016, Microsoft has begun releasing more detailed information on the specific changes.
At the February 2005 RSA Conference, Microsoft announced the first beta of Microsoft Update, an optional replacement for Windows Update that provides security patches, service packs and other updates for both Windows and other Microsoft software. The initial release in June 2005 provided support for Microsoft Office 2003, Exchange 2003, and SQL Server 2000, running on Windows 2000, XP, and Server 2003. Over time, the list has expanded to include other Microsoft products, such as Windows Live, Windows Defender, Visual Studio, runtimes and redistributables, Zune Software, Virtual PC and Virtual Server, CAPICOM, Microsoft Lync, Microsoft Expression Studio, and other server products. It also offers Silverlight and Windows Media Player as optional downloads if applicable to the operating system.
Office Update is a free online service that allows users to detect and install updates for certain Microsoft Office products.
The original update service supported Office 2000, Office XP, Office 2003 and Office 2007. On 1 August 2009 Microsoft decommissioned the Office Update service, merging it with Microsoft Update. Microsoft Update does not support Office 2000.
With the introduction of the Office 365 licensing program, however, Microsoft once again activated a separate Office update service to service Office 365 customers. Owners of perpetual Microsoft Office licenses continue to receive updates through Microsoft Update.
A number of tools have been created by independent software vendors which provide the ability for Windows Updates to be automatically downloaded for, or added to, an online or offline system. One common use for offline updates is to ensure a system is fully patched against security vulnerabilities before being connected to the Internet or another network. A second use is that downloads can be very large, but may be dependent on a slow or unreliable network connection, or the same updates may be needed for more than one machine. AutoPatcher, WSUS Offline Update, PortableUpdate, and Windows Updates Downloader are examples such tools.
- Gartner, John (24 August 1995). "Taking Windows 98 For A Test-Drive". TechWeb. CMP Net. Archived from the original on 3 December 2012.
- "Strong Holiday Sales Make Windows 98 Best-Selling Software of 1998". PressPass (Press release). Microsoft. 9 February 1999. Retrieved 29 July 2008.
- Slob, Arie (22 March 2003). "Windows Update is Spying on You!". Windows-Help.NET. InfiniSource. Archived from the original on 14 January 2018. Retrieved 12 September 2019.
- "Description of the Windows Critical Update Notification utility". Support. Microsoft. 5 December 2007.
- Moore, H. D. (29 January 1999). "How the MS Critical Update Notification works..." BugTraq mailing list archive – via seclists.org.
- Atwood, Jeff (13 May 2005). "XP Automatic Update Nagging". Coding Horror: Programming and Human Factors. Retrieved 12 September 2019.
- Bright, Peter (16 December 2013). "Exponential algorithm making Windows XP miserable could be fixed". Ars Technica. Condé Nast. Retrieved 12 September 2019.
- Leonhard, Woody (16 December 2013). "Microsoft promises to fix Windows XP SVCHOST redlining 'as soon as possible'". InfoWorld. IDG. Retrieved 12 September 2019.
- "How to update the Windows Update Agent to the latest version". Support. Microsoft. 6 June 2017.
- "Windows Update Agent". TechNet. Microsoft. 13 December 2007.
- "How to Install the Windows Update Agent on Client Computers". TechNet. Microsoft. 2007.
- Rouse, Margaret (May 2014). "Microsoft Windows Update Agent". TechTarget.
- Savov, Vlad (15 November 2011). "Windows 8 auto-update will consolidate restarts into one per month, give you three days to do it". The Verge. Vox Media.
- "NTFS Beta Chat Transcript (July 12, 2006)". Storage at Microsoft. Microsoft. 12 July 2006.
- "Windows 10 lets you schedule Windows Update restarts". CNET. Retrieved 4 August 2015.
- "Did Microsoft Just Backtrack On Forced Updates For Windows 10?". CRN.com. Retrieved 4 August 2015.
- "On the road to Windows 10: Nvidia driver tests KB 3073930 patch blocker". InfoWorld. Retrieved 31 July 2015.
- "On the road to Windows 10: Problems with forced updates and KB 3073930". InfoWorld. Retrieved 31 July 2015.
- "How to stop Windows 10 from using your PC's bandwidth to update strangers' systems". PC World. IDG. Retrieved 4 August 2015.
- Hammoudi, Samir (15 November 2015). "Windows Update for Business explained". beanexpert. Microsoft.
- Azzarello, Pat (10 May 2017). "What is Windows Update for Business?". Windows for IT Pros. Microsoft.
Windows Update for Business is intended for machines running Windows 10 or later, and Windows 10 Education, Professional, or Enterprise editions managed in organizations.
- Halfin, Danni; Brower, Nick; Lich, Brian; Poggemeyer, Liza (13 October 2017). "Deploy updates using Windows Update for Business". Microsoft Docs. Microsoft.
- Bott, Ed (17 January 2018). "How to take control of Windows 10 updates and upgrades (even if you don't own a business)". ZDNet. CBS Interactive.
- Halfin, Danni; Lich, Brian (27 July 2017). "Build deployment rings for Windows 10 updates". Microsoft Docs. Microsoft.
- Rasheed, Shadab (9 January 2017). "Why WSUS and SCCM managed clients are reaching out to Microsoft Online". Windows Server Blog. Microsoft.
- "RSA Conference 2005: "Security: Raising the Bar" (speech transcript)". PressPass. Microsoft. 15 February 2005. Retrieved 30 July 2008.
- "Microsoft Announces Availability of New Solutions to Help Protect Customers Against Spyware and Viruses". PressPass. Microsoft. 6 January 2005. Retrieved 30 July 2008.
- "Introducing the Microsoft.com Engineering Operations Team". Microsoft TechNet. Microsoft. 2008. Retrieved 31 May 2012.
- "Windows 10 users beg Microsoft for more info on updates". Computerworld. IDG. Retrieved 30 September 2015.
- "Windows 7, 8.1 moving to Windows 10's cumulative update model". Ars Technica. Conde Nast Digital. Retrieved 16 August 2016.
- Gregg Keizer (14 December 2017). "Why Windows 7 updates are getting bigger". Computerworld.
- "Windows 10 update details". Windows 10 update history. Microsoft. Retrieved 4 March 2016.
- "Microsoft Update Site Launched". helpwithwindows.com. 10 June 2005. Retrieved 30 July 2008.
- "About Office Update". office.microsoft.com. Microsoft. Archived from the original on 28 May 2010.
- "Install Office updates". support.office.com. Microsoft. Retrieved 4 December 2017.
- "Check for Office for Mac updates automatically". support.office.com. Microsoft. Retrieved 4 December 2017.
- "4 Tools to Update Windows Offline and install Hotfixes from a Local Source". raymond.cc.