|A component of Microsoft Windows|
Windows Update showing on Windows 10, version 1607.
|Other names||Microsoft Update|
|Also available for|
|BITS, Windows Genuine Advantage|
Windows Update (WU), a service offered by Microsoft, provides updates for Windows components. It can be replaced with Microsoft Update, an expanded version of the service which provides for other Microsoft software as well, such as Microsoft Office, Windows Live Essentials and Microsoft Expression Studio. Windows Update clients normally download updates over an Internet connection, although Microsoft makes provision for installing updates on computers without an Internet connection and a range of alternative methods and programs also exist to install updates.
The service provides different kinds of updates. Security updates or critical updates protect against vulnerabilities to malware and security exploits. Other updates correct errors unrelated to security, or enhance functionality.
Microsoft routinely releases security updates on the second Tuesday of each month (Patch Tuesday), but can provide them whenever a new update is urgently required to prevent a newly discovered or prevalent exploit targeting Windows users. System administrators can configure Windows Update to install critical updates automatically so long as the computer has an Internet mobile connection, without the user needing to install them manually, or even be aware that an update is required.
Windows Vista and later provide a Control Panel to configure update settings and check for updates. The Windows Update Control Panel also has the function of downloading Windows Ultimate Extras, optional software for Windows Vista Ultimate Edition. For previous versions of Microsoft Windows, users can download updates from the Windows Update website, using Internet Explorer.
Windows Update web site
Windows Update was introduced as an Internet web site with the launch of Windows 95. A link to Windows Update on the Start Menu gave access to additional downloads for the operating system. At the time of Windows 98's release, Windows Update offered additional desktop themes, games, device driver updates, and optional components such as NetMeeting. Windows 95 and Windows NT 4 were retroactively given the ability to access the Windows Update website, and download updates designed for those operating systems, starting with the release of versions of Internet Explorer 4 for those operating systems. The initial focus of Windows Update was on free add-ons and new technologies for Windows; security fixes for Outlook Express, Internet Explorer and other applications appeared later, as did access to beta versions of upcoming Microsoft software, most notably Internet Explorer 5. Fixes to Windows 98 to resolve the Year 2000 problem were distributed using Windows Update in December 1998. Microsoft attributed the sales success of Windows 98 in part to Windows Update.
Windows Update requires Internet Explorer or a third-party web browser that uses Microsoft's MSHTML layout engine, as it must support the use of an ActiveX control to house the software that is executed on the user's computer. While details have changed from version to version, it has always scanned the computer to find what operating system components and software are installed, and compared the versions of those components with the latest available versions. The ActiveX component then executes the downloaded installation files in their silent/unattended mode to install or update those components, and to report the success or failure of those installations back to Microsoft's servers.
The first version of the Windows Update web site (usually referred to as "v3") did not require any personally-identifiable information to be sent to Microsoft. In order for the v3 ActiveX control to determine what updates were needed, the entire list of available software on Windows Update was downloaded to the user's computer when they visited the Windows Update web site. As the number of updates offered by Windows Update grew, this resulted in performance concerns. Arie Slob, writing for the Windows-help.net newsletter in March 2003, noted that the size of the update list had exceeded 400KB, which caused delays of more than a minute for dial-up users.
Windows Update v4, released in conjunction with Windows XP in 2001, changed this by having the ActiveX control submit a list of the hardware components to Microsoft's servers, which then returns a list of only those device drivers available for that machine. It also narrowed down the list of available updates for the operating system and related components by sending details of what operating system version, service pack, and locale are installed. German technology web site tecchannel.de published an analysis of the Windows Update communication protocol in February 2003, which received wide attention on technology web sites. The report, which was the first to contain extensive details of how the Windows Update communication protocol worked, also discovered that the make and model of the computer, the amount of free disk space, and the Windows product key, were sent.
Critical Update Notification Tool/Utility
Shortly after the release of Windows 98, Microsoft released a Critical Update Notification Tool (later called Critical Update Notification Utility) through Windows Update, which installed a background tool on the user's computer that checked the Windows Update web site on a regular schedule for new updates that have been marked as "Critical". By default, this check occurred every five minutes, and when Internet Explorer was started, though the user could configure the next check to occur only at certain times of the day or on certain days of the week. The check was performed by querying the server for a file, "cucif.cab", which contains a list of all the critical updates released for the user's operating system. The Critical Update Notification Tool then compared this list with the list of installed updates on the user's machine, and displayed a message to the user informing them of new critical updates if they were available. Once the check executed, any custom schedule defined by the user was reverted to the default; Microsoft stated that this was by design in order to ensure that users received notification of critical updates in a timely manner.
An analysis done by security researcher H. D. Moore in early 1999 was critical of this approach, describing it as "horribly inefficient" and susceptible to attacks. In a posting to BugTraq, he explained that, "every single Windows 98 computer that wishes to get an update has to rely on a single host for the security. If that one server got compromised one day, or an attacker cracks the MS DNS server again, there could be millions of users installing trojans every hour. The scope of this attack is big enough to attract crackers who actually know what they are doing..."
The Critical Update Notification tool continued to be promoted by Microsoft through 1999 and the first half of 2000. Initial releases of Windows 2000 shipped with the tool, but Windows 95 and Windows NT 4.0 were not supported. It was superseded by Automatic Updates in Windows Me and Windows 2000 SP3.
With the release of Windows ME in 2000, Microsoft introduced Automatic Updates as a replacement for the Critical Update Notification tool. Unlike its predecessor, Automatic Updates includes the ability to download and install updates without using a web browser. Instead of the five-minute schedule used by its predecessor, the Automatic Updates client checks the Windows Update servers once a day. The user is given the option to download available updates then prompt the user to install them, or to notify the user prior to downloading any available updates. After Windows Me is installed, the user is prompted via a notification balloon to configure the Automatic Updates client.
The Windows Update web site itself was later updated to match the visual style of Windows XP.
Windows XP and Windows 2000 Service Pack 3 include Background Intelligent Transfer Service, a protocol for transferring files in the background without user interaction. As a system component, it is capable of monitoring the user's Internet usage, and throttling its own bandwidth usage in order to prioritize user-initiated activities. The Automatic Updates client for these operating systems was updated to use this system service.
At the February 2005 RSA Conference, Microsoft announced the first beta of Microsoft Update, an optional replacement for Windows Update that provides security patches, service packs and other updates for both Windows and other Microsoft software. The initial release in June 2005 provided support for Microsoft Office 2003, Exchange 2003, and SQL Server 2000, running on Windows 2000, XP, and Server 2003. Over time, the list has expanded to include other Microsoft products, such as Windows Live, Windows Defender, Visual Studio, runtimes and redistributables, Zune Software, Virtual PC and Virtual Server, CAPICOM, Microsoft Lync, and other server products. It also offers Silverlight and Windows Media Player as optional downloads if applicable to the operating system.
MS Office Update
Microsoft Office Update was a free online service that allowed users to detect and install updates for certain Microsoft Office products. This update service supported Office 2000, Office XP, Office 2003 and Office 2007. On 1 August 2009 Microsoft decommissioned the Office Update service as such; its functionality is subsumed within Microsoft Update. Microsoft Update does not support Office 2000; this is not a limitation for existing up-to-date installations of Office 2000, because it is no longer supported and no new updates are issued. However, it affects new or re-installation of MS Office 2000 from original CDs.
Windows Vista and later
For Windows Vista, Windows Server 2008 and later, the web site no longer provides a user interface for selecting and downloading updates. In its place, the Windows Update (or Automatic Updates) control panel has expanded to provide similar functionality. Support for Microsoft Update is also built into the operating system, but is turned off by default. The revised Windows Update can also be set to automatically download and install both Important and Recommended updates. In prior versions of Windows, such updates were only available through the Windows Update web site.
In versions of Windows prior to Vista, updates requiring a reboot would pop up a dialog box every number of specified minutes requesting that users reboot their machines. Microsoft changed this dialog box to allow the user to select a longer period of time (up to 4 hours) before re-prompting. The revised dialog box also displays under other applications, instead of on top of them.
In Windows 7 and Vista, once automatic updates have finished, the computer will shut down after a countdown, sometimes causing the countdown to finish and the system to reboot while the user is in the middle of using the computer (or away from the computer and not wanting it to reboot), possibly losing data, gameplay advancement, etc. The user can choose to disable automatic restarts entirely via a registry edit or by changing the group policy.
In Windows 8, users have 3 days (72 hours) before the computer reboots automatically after installing automatic updates that require a reboot. Windows 8 also consolidates the restart requests for non-critical updates into just one per month.
Windows Update makes use of Transactional NTFS, a file system feature introduced with Windows Vista, when performing updates to Windows system files. This feature helps Windows recover cleanly in the event of an unexpected shut-down during an update, as the transactioning system will ensure that changes are committed to the file system (in particular, to the persistent files of the registry) in an atomic fashion.
On August 15, 2016, Microsoft announced that effective October 2016, all future patches to Windows 7 and 8.1 will become cumulative as with Windows 10. The ability to download and install individual updates will be removed as existing updates are transitioned to this model.
Windows 10 contains major changes to Windows Update operations; it no longer allows the manual, selective installation of updates. All updates, regardless of type (this includes hardware drivers), are downloaded and installed automatically, and users are only given the option to choose whether their system will reboot automatically to install updates when the system is inactive, or be notified to schedule a reboot. Microsoft offers a diagnostic tool that can be used to hide updates and prevent them from being reinstalled, but only after they had been already installed, then uninstalled without rebooting the system.
All updates to Windows 10 are cumulative. Initially Microsoft withheld information on the specific changes within each update within its KB articles. However, since early 2016 Microsoft has begun releasing more detailed information on the specific changes within each update.
Windows Update on Windows 10 supports peer to peer distribution of updates; by default, systems' bandwidth is used to distribute previously downloaded updates to other users, in combination with Microsoft servers. Users may optionally change Windows Update to only perform peer to peer updates within their local area network.
|This section requires expansion. (January 2015)|
From Microsoft Vista onwards, updates can include the following file types:
- .manifest - manifest
- .mum - Microsoft Update Manifest files
- .cat - security catalog
A persistent bug in Microsoft Update affecting Windows computers allowed the update process
svchost.exe to claim 100% of a computer's processor for extended periods of time (up to hours), making affected computers unusable. A report in December 2013 identified the cause as an exponential algorithm in the evaluation of superseded updates.
Shortly after the launch of Windows 8, several important updates caused problems for some installations of Windows 8 on laptop computers. Some users were not able to install update KB2756872 unless they rebooted in safe mode and uninstalled audio drivers. Microsoft provided troubleshooting instructions that apparently were initially not easily accessible to many users. For updates KB2769165 and KB2770917, which caused similar issues on some laptop computers, Microsoft did not immediately release workarounds.
As of 2008, Windows Update had about 500 million clients, processed about 350 million unique scans per day, and maintained an average of 1.5 million simultaneous connections to client machines. On Patch Tuesday, the day Microsoft typically releases new software updates, outbound traffic could exceed 500 gigabits per second. Approximately 90% of all clients used automatic updates to initiate software updates, with the remaining 10% using the Windows Update web site. The web site is built using ASP.NET, and processes an average of 90,000 page requests per second.
The following also allow Windows Updates to be automatically downloaded for, or added to, an online or offline system.
One common use for offline updates is to ensure a system is fully patched against security vulnerabilities before being connected to the internet or another network. A second use is that downloads can be very large, but may be depend on a slow or unreliable network connection, or the same updates may be needed for more than one machine.
- Manual (using DISM, Windows Installer, Windows PowerShell or MMC where appropriate)
- Windows Server Update Services (WSUS)
- Microsoft System Center
By other parties
- WSUS Offline Update (not to be confused with Microsoft's WSUS)
- Windows Update Downloader ("WUD")
- Windows Hotfix Downloader / WHDownloader (by same author)
- Portable Update
- Microsoft Update Catalog
- Windows Server Update Services
- Windows Store – Updates Metro-style apps
- De Clercq, Jan; Grillenmeier, Guido (2011). Microsoft Windows Security Fundamentals: For Windows 2003 SP1 and R2. Digital Press. p. 185. ISBN 9780080491882. Retrieved 2014-05-04.
Microsoft Update (MU) is Microsoft's follow-up service to Windows Update (WU).
- Gartner, John (August 24, 1995). "Taking Windows 98 For A Test-Drive". TechWeb. Archived from the original on 2008-05-12. Retrieved 2008-07-29.
- "Strong Holiday Sales Make Windows 98 Best-Selling Software of 1998". PressPass (Press release). Microsoft. February 9, 1999. Retrieved 2008-07-29.
- Slob, Arie (March 22, 2003). "Windows Update is Spying on You!". windows-help.net. Retrieved 2008-07-30.
- Leyden, John (February 28, 2003). "Windows Update keeps tabs on all system software". The Register. Retrieved 2008-07-30.
- "Description of the Windows Critical Update Notification Utility (MSKB244420)". Knowledge Base. Microsoft. December 5, 2007. Retrieved 2008-07-29.
- Moore, H. D. (January 29, 1999). "How the MS Critical Update Notification works...". Retrieved 2008-07-29.
- "Microsoft Update Site Launched". helpwithwindows.com. June 10, 2005. Retrieved 2008-07-30.
- "Microsoft Decommissioning the Office Update Service - FAQ". Office.microsoft.com. Retrieved 2010-04-23.
- Atwood, Jeff (May 13, 2005). "XP Automatic Update Nagging". Coding Horror: .NET And Human Factors. Retrieved 2006-09-22.
- "Windows Update - Keep your PC up to date - Microsoft Windows". Microsoft.com. Retrieved 2012-08-13.
- Savov, Vlad (2011-11-15). "Windows 8 auto-update will consolidate restarts into one per month, give you three days to do it". The Verge. Retrieved 2012-08-13.
- "NTFS Beta Chat Transcript". TechNet Blogs. Microsoft. July 12, 2006. Retrieved 22 September 2006.
- "Windows 7, 8.1 moving to Windows 10's cumulative update model". Ars Technica. Conde Nast Digital. Retrieved 16 August 2016.
- "Windows 10 lets you schedule Windows Update restarts". CNET. Retrieved 4 August 2015.
- "Did Microsoft Just Backtrack On Forced Updates For Windows 10?". CRN.com. Retrieved 4 August 2015.
- "On the road to Windows 10: Nvidia driver tests KB 3073930 patch blocker". InfoWorld. Retrieved 31 July 2015.
- "On the road to Windows 10: Problems with forced updates and KB 3073930". InfoWorld. Retrieved 31 July 2015.
- "Windows 10 users beg Microsoft for more info on updates". Computerworld. IDG. Retrieved 30 September 2015.
- "Windows 10 update details". Windows 10 update history. Microsoft. Retrieved 4 March 2016.
- "How to stop Windows 10 from using your PC's bandwidth to update strangers' systems". PC World. IDG. Retrieved 4 August 2015.
- "Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing". Microsoft Support. Microsoft. 2014. Retrieved 2014-10-16.
The MANIFEST files (.manifest) and the MUM files (.mum), and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
- Pilarta, Jay (December 2009). "Crimson Spectrum". Crimson Spectrum. Retrieved 2014-10-16.
If CheckSUR was not able to resolve the issue it will be due to missing files such as the .MUM (Microsoft Update Manifest) and the accompanied .CAT (Security Catalog) files.
- Bright, Peter (16 December 2013). "Exponential algorithm making Windows XP miserable could be fixed". Ars Technica.
- Leonhard, Woody (16 December 2013). "Microsoft promises to fix Windows XP SVCHOST redlining 'as soon as possible'". InfoWorld.
- "Troubleshooting KB2756872". Retrieved 2012-11-13.
- "Microsoft Community on KB2756872". Retrieved 2012-11-13.
- "Troubleshooting several updates". Retrieved 2012-11-17.
- "RSA Conference 2005: "Security: Raising the Bar" (speech transcript)". PressPass. Microsoft. February 15, 2005. Retrieved 2008-07-30.
- "Microsoft Announces Availability of New Solutions to Help Protect Customers Against Spyware and Viruses". PressPass. Microsoft. January 6, 2005. Retrieved 2008-07-30.
- "Introducing the Microsoft.com Engineering Operations Team". Microsoft TechNet. Microsoft. 2008. Retrieved 31 May 2012.
- It is currently Thu Oct 15, 2015 5:47 am. "Index page". Autopatcher.net. Retrieved 2015-10-15.