Other names | Microsoft Update |
---|---|
Developer(s) | Microsoft |
Operating system |
|
Included with |
|
Service name | Windows Update |
Type | Network service |
Website | support.microsoft.com/en-us/windows/windows-update-faq |
Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Windows, as well as the various Microsoft antivirus products, including Windows Defender and Microsoft Security Essentials. Since its inception, Microsoft has introduced two extensions of the service: Microsoft Update and Windows Update for Business. The former expands the core service to include other Microsoft products, such as Microsoft Office and Microsoft Expression Studio. The latter is available to business editions of Windows 10 and permits postponing updates or receiving updates only after they have undergone rigorous testing.
As the service has evolved over the years, so has its client software. For a decade, the primary client component of the service was the Windows Update web app that could only be run on Internet Explorer. Starting with Windows Vista, the primary client component became Windows Update Agent, an integral component of the operating system.
The service provides several kinds of updates. Security updates or critical updates mitigate vulnerabilities and security exploits in Microsoft Windows. Cumulative updates are updates that bundle multiple updates, both new and previously released updates. Cumulative updates were introduced with Windows 10 and only some been backported to Windows 7 and Windows 8.1. Windows 11 24H2 also introduced checkpoint cumulative updates [1] and updates with Hotpatch capable in the name, where some of the updates no longer require reboot. [2] [3]
Microsoft routinely releases updates on the second Tuesday of each month (known as the Patch Tuesday B updates), but can provide them whenever a new update is urgently required to prevent a newly discovered or prevalent exploit, so called out-of-band updates. [4] System administrators can configure Windows Update to install critical updates for Microsoft Windows automatically, so long as the computer has an Internet connection.
In Windows 10 and Windows 11, the use of Windows Update is mandatory, however, the software agreement states that users may stop receiving updates on their device by disconnecting their device from the Internet. [5] [6]
There also exist C and D updates, [7] that users enroll in when they click the update button. [8]
Windows Update was introduced as a web app with the launch of Windows 98 and offered additional desktop themes, games, device driver updates, and optional components such as NetMeeting. [9] Windows 95 and Windows NT 4.0 were retroactively given the ability to access the Windows Update website and download updates designed for those operating systems, starting with the release of Internet Explorer 4. The initial focus of Windows Update was free add-ons and new technologies for Windows. Security fixes for Outlook Express, Internet Explorer and other programs appeared later, as did access to beta versions of upcoming Microsoft software, e.g. Internet Explorer 5. Fixes to Windows 98 to resolve the Year 2000 problem were distributed using Windows Update in December 1998. Microsoft attributed the sales success of Windows 98 in part to Windows Update. [10]
The Windows Update web app requires either Internet Explorer or a third-party web browser that supports the ActiveX technology. The earliest version of the web app, version 3, does not send any personally-identifiable information to Microsoft. Instead, the app downloads a full list of every available update and chooses which one to download and install. But the list grew so large that the performance impact of processing became a concern. Arie Slob, writing for the Windows-help.net newsletter in March 2003, noted that the size of the update list had exceeded 400 KB , which caused delays of more than a minute for dial-up users. [11] Windows Update v4, released in 2001 in conjunction with Windows XP, changed this. This version of the app makes an inventory of the system's hardware and Microsoft software and sends them to the service, thus offloading the processing burden to Microsoft servers. [11]
Critical Update Notification Utility (initially Critical Update Notification Tool) is a background process that checks the Windows Update web site on a regular schedule for new updates that have been marked as "Critical". It was released shortly after Windows 98.
By default, this check occurs every five minutes, plus when Internet Explorer starts; however, the user could configure the next check to occur only at certain times of the day or on certain days of the week. The tool queries the Microsoft server for a file called "cucif.cab
", which contained a list of all the critical updates released for the operating system. The tool then compares this list with the list of installed updates on its machine and displays an update availability notification. Once the check is executed, any custom schedule defined by the user is reverted to the default. Microsoft stated that this ensures that users received notification of critical updates in a timely manner. [12]
An analysis done by security researcher H. D. Moore in early 1999 was critical of this approach, describing it as "horribly inefficient" and susceptible to attacks. In a posting to BugTraq, he explained that, "every single Windows 98 computer that wishes to get an update has to rely on a single host for the security. If that one server got compromised one day, or an attacker cracks the [Microsoft] DNS server again, there could be millions of users installing trojans every hour. The scope of this attack is big enough to attract crackers who actually know what they are doing..." [13]
Microsoft continued to promote the tool through 1999 and the first half of 2000. Initial releases of Windows 2000 shipped with the tool. The tool did not support Windows 95 and Windows NT 4.0.
Automatic Updates is the successor of the Critical Update Notification Utility. It was released in 2000, along with Windows Me. It supports Windows 2000 SP3 as well.
Unlike its predecessor, Automatic Updates can download and install updates. Instead of the five-minute schedule used by its predecessor, Automatic Updates checks the Windows Update servers once a day. After Windows Me is installed, a notification balloon prompts the user to configure the Automatic Updates client. The user can choose from three notification schemes: Being notified before downloading the update, being notified before installing the update, or both. If new updates are ready to be installed, the user may install them before turning off the computer. A shield icon will be displayed on the Shutdown button during this time.
Windows XP and Windows 2000 SP3 include Background Intelligent Transfer Service, a Windows service for transferring files in the background without user interaction. As a system component, it is capable of monitoring the user's Internet usage, and throttling its own bandwidth usage in order to prioritize user-initiated activities. The Automatic Updates client for these operating systems was updated to use this system service.
Automatic Updates in Windows XP gained notoriety for repeatedly interrupting the user while working on their computer. Every time an update requiring a reboot was installed, Automatic Updates would prompt the user with a dialog box that allowed the user to restart immediately or dismiss the dialog box, which would reappear in ten minutes; a behavior that Jeff Atwood described as "perhaps the naggiest dialog box ever." [14]
In 2013, it was observed that shortly after the startup process, Automatic Updates (wuauclt.exe
) and Service Host ( svchost.exe)
in Windows XP would claim 100% of a computer's CPU capacity for extended periods of time (between ten minutes to two hours), making affected computers unusable. According to Woody Leonhart of InfoWorld, early reports of this issue could be seen in Microsoft TechNet forums in late May 2013, although Microsoft first received large number of complaints about this issue in September 2013. The cause was an exponential algorithm in the evaluation of superseded updates which had grown large over the decade following the release of Windows XP. Microsoft's attempts to fix the issue in October, November and December proved futile, causing the issue to be escalated to the top priority. [15] [16]
Starting with Windows Vista and Windows Server 2008, Windows Update Agent replaces both the Windows Update web app and the Automatic Updates client. [17] [18] It is in charge of downloading and installing software update from Windows Update, as well as the on-premises servers of Windows Server Updates Services or System Center Configuration Manager. [19] [20]
Windows Update Agent can be managed through a Control Panel applet, as well as Group Policy, Microsoft Intune and Windows PowerShell. It can also be set to automatically download and install both important and recommended updates. In prior versions of Windows, such updates were only available through the Windows Update web site. Additionally, Windows Update in Windows Vista supports downloading Windows Ultimate Extras, optional software for Windows Vista Ultimate Edition.
Unlike Automatic Updates in Windows XP, Windows Update Agent in Windows Vista and Windows 7 allows the user to postpone the mandatory restart (required for the update process to complete) for up to four hours. The revised dialog box that prompts for the restart appears under other windows, instead of on top of them. However, standard user accounts only have 15 minutes to respond to this dialog box. This was changed with Windows 8: Users have 3 days (72 hours) before the computer reboots automatically after installing automatic updates that require a reboot. Windows 8 also consolidates the restart requests for non-critical updates into just one per month. Additionally, the login screen notifies them of the restart requirements. [21]
Windows Update Agent makes use of the Transactional NTFS feature introduced with Windows Vista to apply updates to Windows system files. This feature helps Windows recover cleanly in the event of an unexpected failure, as file changes are committed atomically. [22]
Windows 10 contains major changes to Windows Update Agent operations; it no longer allows the manual, selective installation of updates. All updates, regardless of type (this includes hardware drivers), are downloaded and installed automatically, and users are only given the option to choose whether their system would reboot automatically to install updates when the system is inactive, or be notified to schedule a reboot. [23] [24] Microsoft offers a diagnostic tool that can be used to hide troublesome device drivers and prevent them from being reinstalled, but only after they had been already installed, then uninstalled without rebooting the system. [25] [26]
Windows Update Agent on Windows 10 supports peer-to-peer distribution of updates; by default, systems' bandwidth is used to distribute previously downloaded updates to other users, in combination with Microsoft servers. Users may optionally change Windows Update to only perform peer-to-peer updates within their local area network. [27]
Windows 10 also introduced cumulative updates. For example, if Microsoft released updates KB00001 in July, KB00002 in August, and KB00003 in September, Microsoft would release cumulative update KB00004 which packs KB00001, KB00002, and KB00003 together. Installing KB00004 will also install KB00001, KB00002 and KB00003, mitigating the need for multiple restarts and reducing the number of downloads needed. KB00004 may also include other fixes with their own KB-number that were not separately released. [28] A disadvantage of cumulative updates is that downloading and installing updates that fix individual problems is no longer possible. KB stands for knowledge base as in Microsoft Knowledge Base.
Windows Update for Business is a term for a set of features in the Pro, Enterprise and Education editions of Windows 10, intended to ease the administration of Windows across organizations. It enables IT pros to: [29] [30] [31]
These features were added in Windows 10 version 1511. [34] They are intended for large organizations with many computers, so they can logically group their computers for gradual deployment. Microsoft recommends a small set of pilot computers to receive the updates almost immediately, while the set of most critical computers to receive them after every other group has done so, and has experienced their effects. [35]
Other Microsoft update management solutions, such as Windows Server Update Services or System Center Configuration Manager, do not override Windows Update for Business. Rather, they force Windows 10 into the "dual scan mode". This can cause confusion for administrators who do not comprehend the full ramifications of the dual scan mode. [36]
As organizations continued to use more computers, the per-machine Windows Update clients started to become unwieldy and insufficient. In response to the need of organizations for deploying updates to many machines, Microsoft introduced Software Update Services (SUS), which was later renamed Windows Server Update Services (WSUS). A component of the Windows Server family of operating systems, WSUS downloads updates for Microsoft products to a server computer on which it is running and redistributes them to the computers within the organization over a local area network (LAN). One of the benefits of this method is a reduction in the consumption of Internet bandwidth, equal to (N-1)×S, where N is the number of computers in the organization and S is the size made by the updates. Additionally, WSUS permits administrators to test updates on a small group of test computers before deploying them to all systems, in order to ensure that business continuity is not disrupted because of the changes of the updates. For very large organizations, multiple WSUS servers can be chained together hierarchically. Only one server in this hierarchy downloads from the Internet.
Update packages distributed via the Windows Update service can be individually downloaded from Microsoft Update Catalog. These updates can be installed on computers without internet access (e.g. via USB flash drive) or slipstreamed with a Windows installation. In case of the former, Windows Update Agent (wusa.exe
) can install these files. In case of the latter, Microsoft deployment utilities such as DISM, WADK and MDT can consume these packages.
Microsoft offers System Center Configuration Manager for very complex deployment and servicing scenarios. The product integrates with all of the aforesaid tools (WSUS, DISM, WADK, MDT) to automate the process.
A number of tools have been created by independent software vendors which provide the ability for Windows updates to be automatically downloaded for, or added to, an online or offline system. One common use for offline updates is to ensure a system is fully patched against security vulnerabilities before being connected to the Internet or another network. A second use is that downloads can be very large, but may be dependent on a slow or unreliable network connection, or the same updates may be needed for more than one machine. AutoPatcher, WSUS Offline Update, PortableUpdate, and Windows Updates Downloader are examples of such tools. [37]
Third-party services exist for obtaining updates from Windows Update for older Windows versions. These include Legacy Update, which is a community-driven third party replacement for the Windows Update servers for unsupported versions of Windows from Windows 2000 onward. [38] [39] Windows Update Restored is another community-driven third-party replacement for Windows Update on older versions of Windows designed to replicate the functionality of older Windows Update versions, which also includes the old updates for all Windows 9x releases and Windows NT 4.0. [40] [38]
At the beginning of 2005, Windows Update was being accessed by about 150 million people, [41] with about 112 million of those using Automatic Updates. [42] As of 2008 [update] , Windows Update had about 500 million clients, processed about 350 million unique scans per day, and maintained an average of 1.5 million simultaneous connections to client machines. On Patch Tuesday, the day Microsoft typically releases new software updates, outbound traffic could exceed 500 gigabits per second. [43] Approximately 90% of all clients used automatic updates to initiate software updates, with the remaining 10% using the Windows Update web site. The website is built using ASP.NET, and processes an average of 90,000 page requests per second.
Traditionally, the service provided each patch in its own proprietary archive file. Occasionally, Microsoft released service packs which bundled all updates released over the course of years for a certain product. Starting with Windows 10, however, all patches are delivered in cumulative packages. [44] On 15 August 2016, Microsoft announced that effective October 2016, all future patches to Windows 7 and 8.1 would become cumulative as with Windows 10. The ability to download and install individual updates would be removed as existing updates are transitioned to this model. [45] This has resulted in increasing download sizes of each monthly update. An analysis done by Computerworld determined that the download size for Windows 7 x64 has increased from 119.4MB in October 2016 to 203MB in October 2017. [46] Initially, Microsoft was very vague about specific changes within each cumulative update package. [44] However, since early 2016, Microsoft has begun releasing more detailed information on the specific changes. [47]
In 2011, the Windows Update service was decommissioned for Windows 98, 98 SE, Me and NT 4.0 and the old updates for those systems were removed from its servers. [38] On August 3, 2020, the update service was decommissioned for Windows 2000, XP, Server 2003 and Vista due to Microsoft discontinuing SHA-1 updates. As of 2021 [update] , the old updates for 2000 through Vista are still available on the Microsoft Update Catalog. [48] On the same day SHA-1 updates were discontinued for older Windows versions prior to 7 and Server 2008, updating Windows 7 and Server 2008 via the Windows Update service was also affected, however Microsoft has provided SHA-2 patches that allowed Windows 7 and Server 2008 to continue receiving updates. [48]
At the February 2005 RSA Conference, Microsoft announced the first beta of Microsoft Update, an optional replacement for Windows Update that provides security patches, service packs and other updates for both Windows and other Microsoft software. [49] The initial release in June 2005 provided support for Microsoft Office 2003, Exchange 2003, and SQL Server 2000, running on Windows 2000, XP, and Server 2003. Over time, the list has expanded to include other Microsoft products, such as Windows Live, Windows Defender, Visual Studio, runtimes and redistributables, Zune Software, Virtual PC and Virtual Server, CAPICOM, Microsoft Lync, Microsoft Expression Studio, and other server products. It also offers Silverlight and Windows Media Player as optional downloads if applicable to the operating system.
There are only a handful of command line tools to install windows updates. A very common tool which already works under Windows 7 and has no external dependencies is for example: wuinstall.exe. It can push windows updates to a computer (wuinstall.exe /install).[ citation needed ]
Office Update is a free online service that allows users to detect and install updates for certain Microsoft Office products. The original update service supported Office 2000, Office XP, Office 2003 and Office 2007.
On 1 August 2009 Microsoft decommissioned the Office Update service, merging it with Microsoft Update. [50] Microsoft Update supported all versions of Microsoft Office up to Office 2007 and later, however it does not support Office 2000.
With the introduction of the Office 365 licensing program, however, Microsoft once again activated a separate Office update service. [51] [52]
Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct successor to Windows 2000 for high-end and business users and Windows Me for home users.
Windows Me is an operating system developed by Microsoft as part of its Windows 9x family of Microsoft Windows operating systems. It is the successor to Windows 98, and was released to manufacturing on June 19, 2000, and then to retail on September 14, 2000. It was Microsoft's main operating system for home users until the introduction of its successor Windows XP on October 25, 2001.
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.
Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. A set of Group Policy configurations is called a Group Policy Object (GPO). A version of Group Policy called Local Group Policy allows Group Policy Object management without Active Directory on standalone computers.
Microsoft Office XP is an office suite which was officially revealed in July 2000 by Microsoft for the Windows operating system. Office XP was released to manufacturing on March 5, 2001, and was later made available to retail on May 31, 2001. A Mac OS X equivalent, Microsoft Office v. X was released on November 19, 2001.
Remote administration refers to any method of controlling a computer or other Internet-connected device, such as a smartphone, from a remote location. There are many commercially available and free-to-use software that make remote administration easy to set up and use. Remote administration is often used when it's difficult or impractical to be physically near a system in order to use it or troubleshoot it. Many server administrators also use remote administration to control the servers around the world at remote locations. It is also used by companies and corporations to improve overall productivity as well as promote remote work. It may also refer to both legal and illegal remote administration.
Windows Fundamentals for Legacy PCs ("WinFLP") is a thin client release of the Windows NT operating system developed by Microsoft and optimized for older, less powerful hardware. It was released on July 8, 2006, nearly two years after its Windows XP SP2 counterpart was released in August 2004, and is not marketed as a full-fledged general purpose operating system, although it is functionally able to perform most of the tasks generally associated with one. It includes only certain functionality for local workloads such as security, management, document viewing related tasks and the .NET Framework. It is designed to work as a client–server solution with RDP clients or other third party clients such as Citrix ICA. Windows Fundamentals for Legacy PCs reached end of support on April 8, 2014 along with most other Windows XP editions.
Windows Genuine Advantage (WGA) was an anti-infringement system created by Microsoft used to validate the licences of several Microsoft Windows operating systems upon accessing services such as Windows Update and Microsoft Download Center.
Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program and network service developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment. WSUS downloads these updates from the Microsoft Update website and then distributes them to computers on a network. WSUS is an integral component of Windows Server.
In software licensing, volume licensing is the practice of using one license to authorize software on a large number of computers and/or for a large number of users. Customers of such licensing schemes are typically business, governmental or educational institutions, with prices for volume licensing varying depending on the type, quantity and applicable subscription-term. For example, Microsoft software available through volume-licensing programs includes Microsoft Windows and Microsoft Office.
As the next version of Windows NT after Windows 2000, as well as the successor to Windows Me, Windows XP introduced many new features but it also removed some others.
Criticism of Windows XP deals with issues with security, performance and the presence of product activation errors that are specific to the Microsoft operating system Windows XP.
Background Intelligent Transfer Service (BITS) is a component of Microsoft Windows XP and later iterations of the operating systems, which facilitates asynchronous, prioritized, and throttled transfer of files between machines using idle network bandwidth. It is most commonly used by recent versions of Windows Update, Microsoft Update, Windows Server Update Services, and System Center Configuration Manager to deliver software updates to clients, Microsoft's anti-virus scanner Microsoft Security Essentials to fetch signature updates, and is also used by Microsoft's instant messaging products to transfer files. BITS is exposed through the Component Object Model (COM).
Microsoft Windows Malicious Software Removal Tool (MSRT) is a freeware second-opinion malware scanner that Microsoft's Windows Update downloads and runs on Windows computers each month, independent of the installed antivirus software. First released on January 13, 2005, MSRT does not offer real-time protection. It scans its host computer for specific, widespread malware, and tries to eliminate the infection. Outside its monthly deployment schedule, it can be separately downloaded from Microsoft.
Security and Maintenance is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring criteria includes optimal operation of antivirus software, personal firewall, as well as the working status of Backup and Restore, Network Access Protection (NAP), User Account Control (UAC), Windows Error Reporting (WER), and Windows Update. It notifies the user of any problem with the monitored criteria, such as when an antivirus program is not up-to-date or is offline.
Windows Home Server is a home server operating system from Microsoft. It was announced on 7 January 2007 at the Consumer Electronics Show by Bill Gates, released to manufacturing on 16 July 2007 and officially released on 4 November 2007.
Windows XP, which is the next version of Windows NT after Windows 2000 and the successor to the consumer-oriented Windows Me, has been released in several editions since its original release in 2001.
Windows 10, a proprietary operating system released by Microsoft in July 2015, has been criticized by reviewers and users. Due to issues mostly about privacy, it has been the subject of a number of negative assessments by various groups.
Windows Update MiniTool is a freeware application client created by a Russian programmer named stupid user, and was released in 2015. It is an alternative to Windows Update for the Microsoft Windows operating systems by allowing users to search, install, postpone, and disable updates.
Canada. You may stop receiving updates on your device by turning off Internet access. If and when you re-connect to the Internet, the software will resume checking for and installing updates.
To resolve this issue, install Cumulative Update 21
Windows Update for Business is intended for machines running Windows 10 or later, and Windows 10 Education, Professional, or Enterprise editions managed in organizations.