Windows Update


Windows Update is a Microsoft service for the Windows 9x and Windows NT families of operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Windows, as well as the various Microsoft antivirus products, including Windows Defender and Microsoft Security Essentials. Since its inception, Microsoft has introduced two extensions of the service: Microsoft Update and Windows Update for Business. The former expands the core service to include other Microsoft products, such as Microsoft Office and Microsoft Expression Studio. The latter is available to business editions of Windows 10 and permits postponing updates or receiving updates only after they have undergone rigorous testing.
As the service has evolved over the years, so have its client software. For a decade, the primary client component of the service was the Windows Update web app that could only be run inside Internet Explorer. Starting with Windows Vista, the primary client component became Windows Update Agent, an integral component of the operating system.
The service provides several kinds of updates. Security updates or critical updates mitigate vulnerabilities against security exploits against Microsoft Windows. Cumulative updates are updates that bundle multiple updates, both new and previously released updates. Cumulative updates were introduced with Windows 10 and have been backported to Windows 7 and Windows 8.1.
Microsoft routinely releases updates on the second Tuesday of each month, but can provide them whenever a new update is urgently required to prevent a newly discovered or prevalent exploit. System administrators can configure Windows Update to install critical updates for Microsoft Windows automatically, so long as the computer has an Internet connection.

Clients

Windows Update web app

Windows Update was introduced as a web app with the launch of Windows 98 and offered additional desktop themes, games, device driver updates, and optional components such as NetMeeting. Windows 95 and Windows NT 4.0 were retroactively given the ability to access the Windows Update website and download updates designed for those operating systems, starting with the release of Internet Explorer 4. The initial focus of Windows Update was free add-ons and new technologies for Windows. Security fixes for Outlook Express, Internet Explorer and other programs appeared later, as did access to beta versions of upcoming Microsoft software, e.g. Internet Explorer 5. Fixes to Windows 98 to resolve the Year 2000 problem were distributed using Windows Update in December 1998. Microsoft attributed the sales success of Windows 98 in part to Windows Update.
The Windows Update web app requires either Internet Explorer or a third-party web browser that supports the ActiveX technology. The first version of the web app, version 3, does not send any personally-identifiable information to Microsoft. Instead, the app downloads a full list of every available update and chooses which one to download and install. But the list grew so large that the performance impact of processing became a concern. Arie Slob, writing for the Windows-help.net newsletter in March 2003, noted that the size of the update list had exceeded, which caused delays of more than a minute for dial-up users. Windows Update v4, released in 2001 in conjunction with Windows XP, changed this. This version of the app makes an inventory of the system's hardware and Microsoft software and sends them to the service, thus offloading the processing burden to Microsoft servers.

Critical Update Notification Utility

Critical Update Notification Utility is a background process that checks the Windows Update web site on a regular schedule for new updates that have been marked as "Critical". It was released shortly after Windows 98.
By default, this check occurs every five minutes, plus when Internet Explorer starts; however, the user could configure the next check to occur only at certain times of the day or on certain days of the week. The tool queries the Microsoft server for a file called "cucif.cab", which contained a list of all the critical updates released for the operating system. The tool then compares this list with the list of installed updates on its machine and displays an update availability notification. Once the check is executed, any custom schedule defined by the user is reverted to the default. Microsoft stated that this ensures that users received notification of critical updates in a timely manner.
An analysis done by security researcher H. D. Moore in early 1999 was critical of this approach, describing it as "horribly inefficient" and susceptible to attacks. In a posting to BugTraq, he explained that, "every single Windows 98 computer that wishes to get an update has to rely on a single host for the security. If that one server got compromised one day, or an attacker cracks the DNS server again, there could be millions of users installing trojans every hour. The scope of this attack is big enough to attract crackers who actually know what they are doing..."
Microsoft continued to promote the tool through 1999 and the first half of 2000. Initial releases of Windows 2000 shipped with the tool. The tool did not support Windows 95 and Windows NT 4.0.

Automatic Updates

Automatic Updates is the successor of the Critical Update Notification Utility. It was released in 2000, along with Windows Me. It supports Windows 2000 SP3 as well.
Unlike its predecessor, Automatic Updates can download and install updates. Instead of the five-minute schedule used by its predecessor, Automatic Updates checks the Windows Update servers once a day. After Windows Me is installed, a notification balloon prompts the user to configure the Automatic Updates client. The user can choose from three notification schemes: Being notified before downloading the update, being notified before installing the update, or both.
If new updates are ready to be installed, you can install the updates before turning off your computer. When updates are waiting to be installed, you'll see a shield icon on the Shutdown button.
Windows XP and Windows 2000 SP3 include Background Intelligent Transfer Service, a Windows service for transferring files in the background without user interaction. As a system component, it is capable of monitoring the user's Internet usage, and throttling its own bandwidth usage in order to prioritize user-initiated activities. The Automatic Updates client for these operating systems was updated to use this system service.
Automatic Updates in Windows XP gained notoriety for repeatedly interrupting the user while working on their computer. Every time an update requiring a reboot was installed, Automatic Updates would prompt the user with a dialog box that allowed the user to restart immediately or dismiss the dialog box, which would reappear in ten minutes; a behavior that Jeff Atwood described as "perhaps the naggiest dialog box ever."
In 2013, it was observed that shortly after the startup process, Automatic Updates and Service Host in Windows XP would claim 100% of a computer's CPU capacity for extended periods of time, making affected computers unusable. According to Woody Leonhart of InfoWorld, early reports of this issue could be seen in Microsoft TechNet forums in late May 2013, although Microsoft first received large number of complaints about this issue in September 2013. The cause was an exponential algorithm in the evaluation of superseded updates which had grown large over the decade following the release of Windows XP. Microsoft's attempts to fix the issue in October, November and December proved futile, causing the issue to be escalated to the top priority.

Windows Update Agent

Starting with Windows Vista and Windows Server 2008, Windows Update Agent replaces both the Windows Update web app and the Automatic Updates client. It is in charge of downloading and installing software update from Windows Update, as well as the on-premises servers of Windows Server Updates Services or System Center Configuration Manager.
Windows Update Agent can be managed through a Control Panel applet, as well as Group Policy, Microsoft Intune and Windows PowerShell. It can also be set to automatically download and install both important and recommended updates. In prior versions of Windows, such updates were only available through the Windows Update web site. Additionally, Windows Update in Windows Vista supports downloading Windows Ultimate Extras, optional software for Windows Vista Ultimate Edition.
Unlike Automatic Updates in Windows XP, Windows Update Agent in Windows Vista and Windows 7 allows the user to postpone the mandatory restart for up to four hours. The revised dialog box that prompts for the restart appears under other windows, instead of on top of them. However, standard user accounts only have 15 minutes to respond to this dialog box. This was changed with Windows 8: Users have 3 days before the computer reboots automatically after installing automatic updates that require a reboot. Windows 8 also consolidates the restart requests for non-critical updates into just one per month. Additionally, the login screen notifies them of the restart requirements.
Windows Update Agent makes use of the Transactional NTFS feature introduced with Windows Vista to apply updates to Windows system files. This feature helps Windows recover cleanly in the event of an unexpected failure, as file changes are committed atomically.
Windows 10 contains major changes to Windows Update Agent operations; it no longer allows the manual, selective installation of updates. All updates, regardless of type, are downloaded and installed automatically, and users are only given the option to choose whether their system would reboot automatically to install updates when the system is inactive, or be notified to schedule a reboot. Microsoft offers a diagnostic tool that can be used to hide troublesome device drivers and prevent them from being reinstalled, but only after they had been already installed, then uninstalled without rebooting the system.
Windows Update Agent on Windows 10 supports peer to peer distribution of updates; by default, systems' bandwidth is used to distribute previously downloaded updates to other users, in combination with Microsoft servers. Users may optionally change Windows Update to only perform peer to peer updates within their local area network.
Windows 10 also introduced cumulative updates. For example, if Microsoft released updates KB00001 in July, KB00002 in August, and KB00003 in September, Microsoft would release cumulative update KB00004 which packs KB00001, KB00002, and KB00003 together. Installing KB00004 will also install KB00001, KB00002 and KB00003, mitigating the need for multiple restarts and reducing the number of downloads needed. KB00004 may also include other fixes with their own KB-number that were not separately released. A disadvantage of cumulative updates is that downloading and installing updates that fix individual problems is no longer possible.

Windows Update for Business

Windows Update for Business is a term for a set of features in the Pro, Enterprise and Education editions of Windows 10, including:
These features were added in Windows 10 version 1511. They are intended for large organizations with lots of computers, so that they can logically group their computers for gradual deployment. Microsoft recommends a small set of pilot computers to receive the updates almost immediately, while the set of most critical computers to receive them after every other group has done so, and has experienced their effects.
Other Microsoft update management solutions, such as Windows Server Update Services or System Center Configuration Manager, do not override Windows Update for Business. Rather, they force Windows 10 into the "dual scan mode". This can cause confusion for administrators who do not comprehend the full ramifications of the dual scan mode.

Complementary software and services

As organizations continued to use more computers, the per-machine Windows Update clients started to become unwieldy and insufficient. In response to the need of organizations for deploying updates to many machines, Microsoft introduced what was ultimately called Windows Server Update Services. WSUS downloads updates for Microsoft product to a server computer on which it is running and redistributes them to the computers within the organization over a local area network. One of the benefits of this method is a reduction in the consumption of Internet bandwidth, equal to ×S, where N is the number of computers in the organization and S is the size made by the updates. Additionally, WSUS permits administrators to test updates on a small group of test computers before deploying them to all systems, in order to ensure that business continuity is not disrupted because of the changes of the updates. For very large organizations, multiple WSUS servers can be chained together hierarchically. Only one server in this hierarchy downloads from the Internet. WSUS is a component of the Windows Server family of operating systems.
Update packages distributed via the Windows Update service can be individually downloaded from Microsoft Update Catalog. These updates can be delivered to computers without any network connections or used deploy Microsoft products in pre-updated state. In case of the former, Windows Update Agent can install these files. In case of the latter, Microsoft deployment utilities such as DISM, WADK and MDT can consume these packages.
Microsoft offers System Center Configuration Manager for very complex deployment and servicing scenarios. The product integrates with all of the aforesaid tools to automate the process.

Service

At the beginning of 2005, Windows Update was being accessed by about 150 million people, with about 112 million of those using Automatic Updates.
As of 2008, Windows Update had about 500 million clients, processed about 350 million unique scans per day, and maintained an average of 1.5 million simultaneous connections to client machines. On Patch Tuesday, the day Microsoft typically releases new software updates, outbound traffic could exceed 500 gigabits per second. Approximately 90% of all clients used automatic updates to initiate software updates, with the remaining 10% using the Windows Update web site. The web site is built using ASP.NET, and processes an average of 90,000 page requests per second.
Traditionally, the service provided each patch in its own proprietary archive file. Occasionally, Microsoft released service packs which bundled all updates released over the course of years for a certain product. Starting with Windows 10, however, all patches are delivered in cumulative packages. On 15 August 2016, Microsoft announced that effective October 2016, all future patches to Windows 7 and 8.1 would become cumulative as with Windows 10. The ability to download and install individual updates would be removed as existing updates are transitioned to this model. This has resulted in increasing download sizes of each monthly update. An analysis done by Computerworld determined that the download size for Windows 7 x64 has increased from 119.4MB in October 2016 to 203MB in October 2017. Initially, Microsoft was very vague about specific changes within each cumulative update package. However, since early 2016, Microsoft has begun releasing more detailed information on the specific changes.

Microsoft Update

At the February 2005 RSA Conference, Microsoft announced the first beta of Microsoft Update, an optional replacement for Windows Update that provides security patches, service packs and other updates for both Windows and other Microsoft software. The initial release in June 2005 provided support for Microsoft Office 2003, Exchange 2003, and SQL Server 2000, running on Windows 2000, XP, and Server 2003. Over time, the list has expanded to include other Microsoft products, such as Windows Live, Windows Defender, Visual Studio, runtimes and redistributables, Zune Software, Virtual PC and Virtual Server, CAPICOM, Microsoft Lync, Microsoft Expression Studio, and other server products. It also offers Silverlight and Windows Media Player as optional downloads if applicable to the operating system.

Office Update

Office Update is a free online service that allows users to detect and install updates for certain Microsoft Office products.
The original update service supported Office 2000, Office XP, Office 2003 and Office 2007. On 1 August 2009 Microsoft decommissioned the Office Update service, merging it with Microsoft Update. Microsoft Update does not support Office 2000.
With the introduction of the Office 365 licensing program, however, Microsoft once again activated a separate Office update service to service Office 365 customers. Owners of perpetual Microsoft Office licenses continue to receive updates through Microsoft Update.

Alternative tools

A number of tools have been created by independent software vendors which provide the ability for Windows Updates to be automatically downloaded for, or added to, an online or offline system. One common use for offline updates is to ensure a system is fully patched against security vulnerabilities before being connected to the Internet or another network. A second use is that downloads can be very large, but may be dependent on a slow or unreliable network connection, or the same updates may be needed for more than one machine. AutoPatcher, WSUS Offline Update, PortableUpdate, and Windows Updates Downloader are examples such tools.