Managing rapid-fire Windows updates

Speaking to a financial analyst at Citigroup’s Global Technology Conference in September, Intel’s chief financial officer David Zinsner caused a bit of a stir when he hinted at a future release of Windows, quite possibly Windows 12, coming in 2024. Zinsner’s implication was that the upcoming “Windows refresh” would be major enough to require new hardware.

Whatever it’s called, this update to Windows is rumored to bring considerable change to the operating system and will be yet another disruption that requires IT managers to test and validate with their custom environments — something they’ve had to do a lot of lately.

Windows is already notorious for frequent updating. In the days of Windows XP, service packs with new features came every two years. But the technology world moves much faster now, and Microsoft’s hand was forced to deliver more frequent updates. For several years under Windows 10, there were big updates introducing new features twice per year, along with the monthly patches to address security issues and fix bugs. With the release of Windows 11 in 2021, Microsoft said it would scale back to annual feature updates — but a year later, the company started rolling out features in smaller updates known as “Moments” several times a year.

And the latest rumors are pointing to a return to annual Windows feature updates starting next year. Just when IT gets accustomed to one release cadence, Microsoft switches it up again.

“What do they [Microsoft executives] always start the discussion with when they’re doing a demo of a new release? ‘Customers tell us,’ right?” said Mike Cherry, senior analyst with Directions on Microsoft. The implication is that customers are asking for faster releases, he said. “Well, I’ve never met those customers. I’d love to meet them. But they’re not the ones that talk to me.”

Cherry said it would be one thing if the monthly patches just fixed vulnerabilities, but they often include random updates. “Microsoft’s never been able to discipline itself to only release security updates on Patch Tuesday. So we never know whether we’re gonna get features or whether we’re going to get an update that has a feature and zero-day vulnerability patch,” he said.

Vadim Vladimirskiy, CEO and co-founder of Nerdio, a Microsoft partner and ISV, agrees with Cherry. “I would say that definitely the sentiment on the ground that we get from IT professionals [is] that the rate of change is very high — higher than they’d like it to be,” he said.

But Ben Bajarin, president of consultancy Creative Strategies, says the frequent updates are necessary. “These aren’t gigantic patches. There are enough problematic issues that just need to be solved. I get it: no consumer or enterprise wants to keep saying, ‘Here’s the new update and now I’ve got to install it.’ But Windows is the beast that it is, and those constant updates are needed,” he said.

Sticking with Windows 10 (for now)

Microsoft is clearly moving faster than IT. Many companies remain on Windows 10 and have not made the migration to Windows 11 two years after its release. According to IDC, 29% of PCs sold this year shipped with Windows 10, all to corporate customers. New consumer PCs have completely migrated to Windows 11.

Analytics firm StatCounter puts the current installed base of Windows 10 at 68%, with Windows 11 trailing far behind at less than 27%. (Two years after Windows 10 was released, it was tied with Windows 7 at 41%, a much faster ramp-up than Windows 11 has seen.) StatCounter’s figures aren’t broken down by consumer vs. business use, but it’s a good bet that a significant percentage of Windows 10 PCs operating today are in the hands of business users.

Blame for the slow migration to Windows 11 can largely be attributed to the stringent hardware requirements to install it. Whereas virtually every PC running Windows 7 was qualified to upgrade to Windows 10 when it was first released, only the newest of PCs could be upgraded to Windows 11 at its release, because older PCs didn’t have required security features like TPM 2.0 and secure boot. Whether they want to or not, most consumers and businesses have had to wait until they buy new PCs to make the move to Windows 11.

And companies have been slow to refresh their laptops, Cherry says. “In the Windows world, people are quite happy running operating systems for five to seven years. And [with Windows 11] Microsoft made this change that was so significant in the hardware that they made a break,” he said.

Of course, even corporations that are still purchasing new PCs with Windows 10 will have to abandon it at some point. Mainstream support for the OS is set to end on Oct. 14, 2025. (Enterprises that use the long-term servicing channel, LTSC, will get security patches until at least Jan. 12, 2027.) When mainstream support ends, businesses will be able to purchase Extended Security Updates for up to three years. After that, they’ll need to move on or leave their systems unpatched.

Managing constant change

So change is inevitable with Windows, but Vladimirskiy believes that if managed properly, Microsoft’s rapid rate of change doesn’t have to be disruptive. “I mean, there’s always a risk and there’s going to be a certain percentage of users that may be disrupted, but I feel like Microsoft has made the updates themselves more stable and more reliable,” he said.

He complimented the deployment tools Microsoft provides for rolling out updates. “The tools that they are providing around testing those updates, rolling them out in a staged fashion and then rolling them out in full production, have made the process a lot more seamless than when I remember starting my IT career,” he said.

Microsoft has made this process part and parcel of the best practice update strategy that’s implemented through Intune, Microsoft’s administration tool, he adds.

While it may be tempting to wait on Patch Tuesday updates, don’t, advises Cherry. “Up until about a year ago, my own personal thing was I would wait a week after Patch Tuesday… and then I would upgrade,” he said. “But in the environment today, where there are too many zero-day vulnerabilities and too many attacks happening, I patch as quickly as I can. And I live with the risk that I might have a machine that I need to go back in and do something [like a rollback].”

Cherry also believes every organization should take part in the Insider beta test program to see previews of patches and other rollouts before the official release. Don’t wait for the final release from Microsoft; get in on the beta releases to Insider and start testing early, he advises.

“You should have at least one person in your IT department who’s looking at these preview builds so they’re on top of what problems they’re going to expect when the things finally released. You’d have to invest some time in that preview channel,” he said.

Vladimirskiy recommends what he calls Update Rings, which is a feature that allows IT professionals to deploy updates in a staged fashion to different groups of users. “There’s definitely an advantage to deploying an update to a smaller group of users first, waiting to see their reaction response and stability, rolling it out to wider group, and finally rolling it out to the entire organization,” he said.

He also advocates for desktop-as-a-service or a Virtual Desktop Infrastructure (VDI) strategy for production workloads, which lets enterprises test their updates in a virtual sandbox environment without disrupting work and production machines. “Those can be tested well before they’re scheduled for deployment to the physical machines, where testing isn’t as easy and rollback is also not as easy,” said Vladimirskiy.