Before you start
Objectives: learn what are updates, why do we need them, how to use update features in Windows and what is the difference between Windows Update and Microsoft Update.
Prerequisites: no prerequisites.
Key terms: update, service, Microsoft, Windows, fix, device, operating, install, firmware, application
What are (Windows) Updates
Almost every software that we use needs to be constantly updated. Some updates are used to fix bugs in the code, to fix security problems, or to add functions or features not previously included with the software. Because of that it’s important to keep our drivers, applications, and our operating system up to date.
Windows Update enable us to download and install recommended and important updates automatically, without having to visit Windows Updates website. The Windows Updates console in Control Panel is the primary tool we can use to manage updates on Windows. Users with administrative privileges can check for updates, change update settings, review installed updates and view hidden updates. On the other hand, standard users can only check for updates and install updates. Have in mind that Windows Updates rely on Windows Update service which is set to start automatically by default.
Microsoft classifies updates in several ways. For example, updates can be classified as either Hot Fixes or Service Packs. A Hot Fix is a patch that addresses one specific problem with the operating system or its related files. Hot Fixes are created on a periodic basis as Microsoft finds and fixes problems in the code. We might have a release that includes several Hot Fixes, but again the Hot Fixes are identified to fix a specific problem. We can choose to install one or multiple Hot Fixes to fix the problems that we might have.
Service Pack or SP identifies a set of hotfixes and other system enhancements. Service Packs include all Hot Fixes that have been released up to the release of the Service Pack. Service Pack is a collection of fixes that bring the operating system up to it’s most current level. Service Packs are identified with a number, such as SP1, SP2, SP3, etc. When we check the version of our operating system we’ll typically see the designation for the service pack that has been installed. Installing one Service Pack also includes all previous service packs. To get the most up to date we also have to apply any additional Hot Fixes that were released since the Service Pack was released. Hotfixes and Service Packs are specific to an operating system version. A hotfix for Windows Vista will not work on Windows 7. However, a hotfix for Windows 7 Home Premium will typically also apply to Windows 7 Professional. In a business environment we should test updates before installing them on multiple systems.
Updates are also classified as Important, Recommended, or Optional. Updates can have three different classifications. Important updates are updates that address critical security issues and in some cases they are proactive. In other cases, they are a reaction to a security issue that is already available for exploit. This is why they are very important to be installed. Recommended updates often address functionality issues. Optional updates provide items such as driver updates, language packs or updates that enhance or add functionality to our system.
Windows Update vs Microsoft Update
Microsoft includes an update feature that can help us keep our operating system up to date. Windows Update feature automatically identifies, downloads and installs updates for the operating system and common driver files that have been registered with Microsoft. Another, similar service called Microsoft Update updates all products that Windows Update monitors, and also provides updates for other Microsoft products, such as Microsoft Office. So with Windows Update we get operating system and driver updates, whereas with Microsoft Update we get operating system, driver as well as other Microsoft product updates. With either solution we can automatically download and install important updates. Windows Update can install both hotfixes and service packs.
Only users with administrative rights can change Windows Update settings. Typical settings we can choose from are:
- Install updates automatically – this is the default option. We can customize the frequency and the schedule of automatic updates.
- Download and notify, but don’t install them – updates are downloaded and we are notified about them, but we can choose when to install them.
- Check for updates and notify, but don’t download or install them – with this option we will only be notified about the updates, but updates won’t be downloaded automatically.
- Turn off automatic update checking – this option will not check for updates automatically. In this case we have to manually check for updates. This is not a recommended solution.
The default is to check, download, and install updates automatically. We can customize the schedule of automatic updates. We can also manually check for updates. When we perform a manual check, it only checks for updates and does not download them or install them. At any time we can view a list of installed updates and remove any updates.
Additionally, we have two more options related to updates. With “Give me recommended updates” we treat recommended updates the same as important updates. The result of this is the automatic installation of recommended updates. Optional updates in this case still have to be manually installed. The “Allow all users to install updates” is enabled by default. If we disable this option, only the members of the Administrators group will be able to install updates.
When we get a list of available updates we can also choose not to install specific update. We can also hide and update if we don’t want to install and if we want to prevent it from showing on the list of available updates. Choosing to hide an update declines the update. Only administrators can hide and unhide updates. The Windows Update console also allows us to view a list of previously installed updates trough the “View update history option”. This list will also show us updates that were not installed successfully.
Updates can also be downloaded during the installation of our Windows system. We call this type of updates the Dynamic Updates. Dynamic Updates check for critical updates and use them to patch the OS. Dynamic Updates also try to find any missing drivers to complete the whole installation. During the Windows installation we will also be asked to configure Windows Update default settings. We can use default, recommended settings, or we can choose to only install important updates, or we can choose the option to set those settings later. The default Windows Update settings attempt to detect and install important updates every day at 3 am. If the computer is not on at that time, the Windows Update process starts the next time the computer is turned on.
After we have been notified about the updates, we will be presented with the listed updates available for download and installation. When viewing this list we can get detailed information about each update. Each update is identified with a number that’s preceded by ‘KB’, which stands for Knowledge Base article. Knowledge base article provides information about what the update is, why it is needed, and any potential problems that update may cause. If we happen to install an update and start experiencing problems, we should check knowledge base article related to that update to see if those problems have been documented and if there are any workarounds to deal with the issue. If the installed update is causing problems we can uninstall it. If we want to fix the problem associated with some Knowledge Base article, we can simply apply the Hot Fix with the same number as the Knowledge Base article.
We can also choose to hide certain updates. When we hide an update, we will not be notified about it and it will not be installed automatically. We can use this feature if we know that certain update causes system instability or similar. When viewing a list of installed updates, we only see a knowledge base identifier of the update. This means that we must know the knowledge base identifier of an update to uninstall it. After uninstalling the update, it will show up in a list of available updates, so we should hide it so we don’t install it again by accident.
If we are in domain environment, we can control client updates using Group Policy settings. We can also force our clients to uses WSUS server to get the updates, instead of downloading them from the Internet. Microsoft Update process runs in the background, so we can continue to work with our computer.
If the installation fails, there could be several reasons. For example, to install updates we have to accept the Microsoft software license terms when prompted. We also have to have enough free space on our disk to install updates. Some updates cannot be applied while the computer running, so we have to restart our system in order to apply it.
Some networks have specific network firewalls or proxy servers that limit the outbound and inbound network traffic. This can present problems for Windows Update clients that try to contact Microsoft Update servers on the Internet. There are several solutions for such situations. We can either deploy a WSUS server locally and configure clients to contact the WSUS server instead of the Microsoft Update server on the Internet. Another solution is to manually configure clients so that they communicate with the Microsoft Update servers trough firewall or proxy. Although Internet Explorer has proxy settings, Windows Update can’t use those settings. To configure Windows Update clients to access updates trough a proxy, we can use either Web Procy Auto Detect (WPAD) feature or the netsh command line tool. WPAD locates an available proxy by querying a Dynamic Host Configuration Protocol (DHCP) server or by checking a Domain Name System (DNS) record. The netsh tool can be used to import proxy settings configured for Internet Explorer. The last solution is to manually download updates directly from the Microsoft website on another computer and install them manually. Updates that we manually download will have a .msu extension.
Information about Windows Update is stored in the %WinDir%\WindowsUpdate.log file. The log file contains information about how the computer is configured to get updates, including the name of the server it tries to contact when checking for and downloading updates. Installing an update automatically creates a restore point. A restore point is a snapshot of the operating system settings and user data files on protected volumes, which is used for system recovery if necessary.
Note that not all drivers and non-Microsoft applications are made available through the Windows Update service. To keep drivers and non Microsoft applications updated we will need to check with the hardware or software company for new releases. Before installing a device we should check the manufacturers website for a new driver. Many applications include features that check for updates to the software automatically. If not we should manually check for updates for those applications.
Command Line Tools
To manually check for updates but not install them, we can use the command:
To import the Internet Explorer’s Internet Options settings directly we can use the command:
netsh winhttp import proxy source
To install downloaded MSU file we can use the command
<update> is the full path of the MSU file. We can use the /norestart option if we don’t want our computer to reboot after the installation.
Firmware is code embedded in flash memory on a device. Common firmware updates include updates for the BIOS or hardware devices such as switches, routers, or modems. A common way to perform a firmware update is to download the update, connect to the device from another device on the network, and then update the code using a built in updater. We should always follow the instructions when performing firmware updates. Updating the firmware is often called flashing because we are overriding the contents of the flash memory on the device. Before updating we should always back up the current firmware first, if possible. Also, we should not turn off the device until the update is complete. Turning off the device or interrupting the update process could permanently damage the device.
Keeping our systems updated is a part of regular system maintenance. Windows and some applications include features that identify, download and install updates automatically. For other products we will need to periodically check for and install updates. When we experience a problem with a device or a program the first step is often to check for updates and apply those updates.