Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Security Only Updates vs Security Monthly Quality Rollup Updates!

13 Mar 2018   #1
Paul Black

7 HP SP1 64-bit Vista HB SP2 32-bit Linux Mint 18.3
 
 
Security Only Updates vs Security Monthly Quality Rollup Updates!

Good morning,

On a clean install (other than: KB3020369, KB3125574, KB3172605 and KB3179573), is it best to install ALL the Security Only Updates from October 2016 to February 2018 or just the last Security Monthly Quality Rollup Update?

Ideally, I really only want the critical and security updates and nothing else. I can run Windows update after the clean install and then install the ones that I want to.

I am going to be creating a new install.wim file because this will drastically reduce the number of Windows updates (and the many hours downloading, installing and restarts needed) available when I run Windows updates and just really need to know which scenario is best.

I say this with regard to telemetry and spying updates making their way into the clean install.

There have been many many posts with regard to this but none seem to give a definitive answer!

Thanks in advance.


My System SpecsSystem Spec
.
22 Mar 2018   #2
iko22

Windows 7 x64, Vista x64, 8.1 smartphone
 
 

Hi Paul, As far as I am aware, the windows update went through 4 phases: SP1, Convenience rollup update, telemetry updates, and the new rollup scheme (after August 2017). The new rollup scheme meant that a single monthly update would include the months updates rolled into one. The new rollups have a cumulative effect, so one months update cumulatively includes the previous months update.
My System SpecsSystem Spec
22 Mar 2018   #3
Brds7t7

Windows 7 Pro & Ultimate, Windows 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
 
 

Hi Paul, if you're going from a clean install and want all the Security-only updates and no rollups included, then I would use WSUSOffline to create the ISO before you attempt it all.

Believe me, it's just a big PITA with clean installs now. WSUSOffline makes the whole process much easier. You can select Security-only updates instead of rollups when using the update downloader.

WSUS Offline Update - Update Microsoft Windows and Office without an Internet connection

And if you're going down the Security-only update route, then yes you have to install each months, or you'll have some parts of Windows unpatched.
My System SpecsSystem Spec
.

23 Mar 2018   #4
Paul Black

7 HP SP1 64-bit Vista HB SP2 32-bit Linux Mint 18.3
 
 

Thanks iko22 and Brds7t7 for the replies, it is appreciated.

Quote   Quote: Originally Posted by Paul Black View Post
On a clean install (other than: KB3020369, KB3125574, KB3172605 and KB3179573), is it best to install ALL the Security Only Updates from October 2016 to February 2018 or just the last Security Monthly Quality Rollup Update?
I am really just curious about what people think from their own experience is the best and most stable way to go about creating a new install.wim file for a clean install.

As I said previously, whichever way I choose to go, whether it is the Security-Only option or the Cumulative option the updates KB3020369, KB3125574, KB3172605 & KB3179573 MUST be installed first obviously.

If I was to go down the Cumulative route then I would only have to install the 4 updates above + KB4088875 - Security Monthly Quality Rollup Update (March 2018).

If I was to go down the Security-Only route then I would have to install the 4 updates above + 17 Security-Only updates from KB3192391 - October 2016 > KB4088878 - March 2018.

I do realise that the Cumulative update includes ALL previous updates so is the easier of the two options but does it still include some telemetry? I say this because I did read somewhere that Microsoft have now stopped pushing out the telemetry updates!

Anyway, I was just curious about other peoples opinions and experience and what they had found was the best of the two options, if any!

Thanks in advance.
My System SpecsSystem Spec
23 Mar 2018   #5
Brds7t7

Windows 7 Pro & Ultimate, Windows 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
 
 

Hi Paul, be warned that the cumulative updates don't include all past updates. MS is slowly rolling the past updates into the Cumulatives, but they're not fully there yet. So either way you go, you'll still have to install more updates from Windows Update.

I can't help you with the install.wim option unfortunately, as I found it less hassle just to install Windows from the disc/USB stick then use WSUSOffline to get me up to date security wise and skip all the rollups easily. This is why it isn't as straightforward as you think since MS changed its servicing model.

Another tool to use which will tell you which Security-only updates are missing is the Microsoft Baseline Security Analyser. After install you can run it and set it to 'Scan the offline catalog only'. This will scan for Security-only updates missing.

Ignore any references to Monthly rollups though.

Download Microsoft Baseline Security Analyzer 2.3 (for IT Professionals) from Official Microsoft Download Center
My System SpecsSystem Spec
23 Mar 2018   #6
Paul Black

7 HP SP1 64-bit Vista HB SP2 32-bit Linux Mint 18.3
 
 

Thanks for the reply and link Brds7t7,

Quote   Quote: Originally Posted by Brds7t7 View Post
...be warned that the cumulative updates don't include all past updates. MS is slowly rolling the past updates into the Cumulatives, but they're not fully there yet. So either way you go, you'll still have to install more updates from Windows Update...
Yes, I appreciate that. The idea is to stop the many many hours needed to download and install them and the numerous restarts that are needed. Hence why I have gone down the route of pre-integrating them and creating a new install.wim file for the initial clean install.

Quote   Quote: Originally Posted by Brds7t7 View Post
...then use WSUSOffline to get me up to date security wise and skip all the rollups easily.
I will out of interest look at this process over the weekend.
I assume that it is a package that contains ALL the updates that can then be run against the clean install to find those updates that are missing?

Quote   Quote: Originally Posted by Brds7t7 View Post
Another tool to use which will tell you which Security-only updates are missing is the Microsoft Baseline Security Analyser. After install you can run it and set it to 'Scan the offline catalog only'. This will scan for Security-only updates missing. Ignore any references to Monthly rollups though.
This also sounds interesting, and again, I will look at this process over the weekend.

Thanks in advance.

EDIT:

I am also going to have a go at integrating I.E.11 (I know that this needs at least 4 Prerequisites) into the install.wim file as well to make it a bit more complete. I might also then be able to integrate the KB4089187 - Cumulative Security Update I.E.11 - March 2018.

I know that Microsoft .NET Framework 4.7.1 can't be integrated but this can be done from the downloaded .msu file after the clean install to also reduce the time (as opposed to letting it update through Windows update).
My System SpecsSystem Spec
23 Mar 2018   #7
Brds7t7

Windows 7 Pro & Ultimate, Windows 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
 
 

WSUSOffline includes all updates either Security-only updates or the rollups whichever you choose when running the downloader. There's a checkbox at the bottom which says "Download Security-only updates instead of Quality Rollups". You can also set it to install all the .NET Framework updates and IE11 plus its updates. Believe me, it's a very handy piece of software to have in the toolkit!

I sound like I work for the team at WSUSOffline, but I'm not affiliated with them in any way.

Give it a try at the weekend, then let me know how you get on.

The install.wim option is probably the quicker option for install, but I got fed up of trying to integrate updates all the time. Must be my age!
My System SpecsSystem Spec
23 Mar 2018   #8
Paul Black

7 HP SP1 64-bit Vista HB SP2 32-bit Linux Mint 18.3
 
 

Thanks Brds7t7,

Quote   Quote: Originally Posted by Brds7t7 View Post
The install.wim option is probably the quicker option for install, but I got fed up of trying to integrate updates all the time.
I can create a new install.wim with the 4 updates + Cumulative update in about 20 minutes.
I can create a new install.wim with the 4 updates + ALL 17 Security-Only updates in just over an hour.
Both Batch driven.

Thanks in advance.
My System SpecsSystem Spec
23 Mar 2018   #9
Brds7t7

Windows 7 Pro & Ultimate, Windows 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
 
 

Quote   Quote: Originally Posted by Paul Black View Post
I can create a new install.wim with the 4 updates + ALL 17 Security-Only updates in just over an hour.
Both Batch driven.

Thanks in advance.
Don't forget that you have to install all the standalone security updates that came before the 2016 Security-only updates too.

If you can do all that you're a much more patient man than I am! It started driving me nuts keeping up with all the different updates both pre and post August 2016.
My System SpecsSystem Spec
23 Mar 2018   #10
Paul Black

7 HP SP1 64-bit Vista HB SP2 32-bit Linux Mint 18.3
 
 

Hi Brds7t7y,

Quote   Quote: Originally Posted by Brds7t7 View Post
Don't forget that you have to install all the standalone security updates that came before the 2016 Security-only updates too.
Yes, these were the 4 I was talking about that MUST be installed first (regardless of which of the 2 options are used):

KB3020369 - Servicing Stack Update - April 2015.
KB3125574 - Convenience Rollup Package - May 2016.
KB3172605 - Functional Update Rollup (THIS ONE IS IMPORTANT) - July 2016.
KB3179573 - Functional Update Rollup - August 2016.

Quote   Quote: Originally Posted by Brds7t7 View Post
If you can do all that you're a much more patient man than I am!
Batch driven so it just does it!

Thanks in advance.
My System SpecsSystem Spec
Reply

 Security Only Updates vs Security Monthly Quality Rollup Updates!




Thread Tools




Similar help and support threads
Thread Forum
Security Monthly Quality Rollup v Preview Of Monthly Quality Rollup
Good afternoon, Can someone please tell me if there is any difference between the Security Monthly Quality Rollup and the Preview Of Monthly Quality Rollup if any. Thanks in advance.
Windows Updates & Activation
Security Monthly Quality Rollup for Win 7 for X64
This "optional" entry appears each month during Win Update. It is several hundred MB in size so takes a while to download but there is no indication of what it does or why it is optional. Since individual updates also appear is this stuff really necessary ? Can it safely be ignored ? Thanx. ...
Windows Updates & Activation
Security Monthly Quality Rollup
I have been using W7 Pro x64 for ages and have been delighted with it and intend to stay with it until Microsoft eventually drives me to Linux. Now down to my question. I have been receiving a Security Monthly Quality Rollup and beginning to wonder if I really need to download it. The latest...
Windows Updates & Activation
Error 80073712 when installing monthly security updates
Hello, I've been having problems with windows update for several months now (using Windows 7 Professional SP1 64 bits): I can download and install most updates, except for the security monthly quality rollups. When I try to install these, windows update seem to download them up to 11% and then...
Windows Updates & Activation
October 2016 security monthly quality rollup for Win7 (KB3185330) Fail
Hello all, I need some help, I am having an issue with 2 workstations. 1 Physical Windows 7 Pro x86 1 Virtual Windows 7 Pro x64 When I try to install the update KB3185330 the workstation reboots and eventually I get the message on the screen "Failure configuring Windows updates. Reverting...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:34.
Twitter Facebook Google+