New update options for Windows 10, version 1703


With the release of Windows 10, we simplified the servicing process by moving to cumulative updates, where each update released contains all the new fixes for that month, as well as all the older fixes from previous months. Today, most organizations deploy these cumulative updates when they are released on the second Tuesday of every month, also called “Update Tuesday.” Because these updates contain new security fixes, they are considered “Security Updates” in Windows Server Update Services (WSUS) and System Center Configuration Manager.

Based on feedback from customers, we are making some adjustments to the updates that we are releasing for Windows 10, version 1703 (also known as the “Creators Update”). With these changes, we will routinely offer one (or sometimes more than one) additional update each month. These additional cumulative updates will contain only new non-security updates, so they will be considered “Updates” in WSUS and Configuration Manager.

windows-10-1703-servicing

Note that we may occasionally identify non-security fixes that address more critical issues that could be affecting organizations. In those rare cases, a cumulative update would be considered as “Critical Updates” in WSUS and Configuration Manager.

For those using Windows Update for Business, these new “Updates” and “Critical Updates” will not be installed on any devices that have been configured with Windows Update for Business policies.

Organizations have the flexibility to choose what to do with these new non-security cumulative updates:

  • Deploy each of them just like the updates on “Update Tuesday.” This enables the organization’s PCs to get the latest fixes more quickly.
  • Deploy each of them to a subset of devices. This enables the organization to ensure that these new non-security fixes work well, prior to those same fixes being included in the next “Update Tuesday” cumulative update which will be deployed throughout the organization.
  • Selectively deploy them, based on whether they address specific issues affecting the organization, ahead of the next “Update Tuesday” cumulative update.
  • Don’t deploy them at all. There is no harm in doing this since the same fixes will be included in the next “Update Tuesday” cumulative update (along with all the new security fixes).

We believe these additional cumulative updates, and the increased flexibility that they provide to organizations, will be beneficial to organizations of all types. As always, please continue to provide feedback on other ways that we can continue to improve the Windows 10 servicing process.

Comments (9)

  1. NeighborGeek says:

    Michael -- I want to make sure I understand this correctly. Are you saying that updates which are not security fixes but would previously have been included in the monthly cumulative update will now be split off into a separate 'non-security update'?

    Will the 'non-security update' be released on 'Update Tuesday' alongside the security update?

    Lastly, since the 'non-security update' will be rolled into the following month's regular security update, this change is effectively just delaying the required rollout of non-security changes by one month. They will still have to be installed the following month to stay current with security updates, but this gives admins a one month 'preview' window for testing the non-security updates before they have to be installed. Do I have that right?

    1. Along those lines... how is this different from the Preview ring of the Insider's program? Will we have both, in the future?

      1. The "Release Preview" Insider ring will get these same updates, but earlier in the process before they are published broadly to Windows Update, WSUS, and the Windows Update Catalog.

    2. I would position it slightly differently. Before, most organizations picked up new security and non-security updates in the cumulative update released on Update Tuesday. Now those non-security updates will be available a couple of weeks earlier. This gives you the opportunity to validate these non-security fixes, in advance of the Update Tuesday package (which will include the same fixes, so if you don't deploy this non-security update, you'll still get the same fixes a couple of weeks later).

  2. Dan says:

    How will this affect OS build numbers?

    1. The OS build number (e.g. 15063 for Windows 10 1703) never changes. But every update that you install will increment the minor build number.

      As an example, the last cumulative security update (released on April 12th) changed the minor build number, so you would then see 15063.138. The first of these non-security updates, released today, changed the minor build number again, so you would then see 15063.250. See http://aka.ms/win10releasenotes for more info.

  3. Jared S. _ says:

    Will these new updates also be offered for Windows Server 2016?

    1. At this point, no, just for Windows 10 1703. We're looking at the potential for doing this for other Windows releases at some point in the future.

  4. Note that the first of these non-security cumulative updates for Windows 10 1703 (KB4016240) was released today. See http://aka.ms/win10releasenotes for more info.

Skip to main content