While Windows administrators can never ignore Microsoft’s updates, it may make sense to delay or even avoid Windows updates until they are stable for enterprise users.
These OS updates are critical to maintaining security of enterprise organizations, but they are notoriously flawed and cause new problems that require additional patches. Windows 10 is no better than previous versions, and there are still issues that come up with Windows updates.
As an IT administrator or advanced Windows user, you should understand the process Microsoft lays out to correct problems with the operating system.
Different types of Windows 10 updates
Microsoft provides Cumulative Updates, which could include multiple updates. Microsoft distributes the cumulative updates in two groups:
- Feature updates that add new functionality and are released twice per year
- Quality updates that include security and critical updates, once a month – also known as Patch Tuesday
Component updates may or may not all be in the cumulative updates. Therefore, if you install a new device and problems occur, you should look for specific driver update from Microsoft to ensure they deliver it.
Downloading and installing Windows updates
Windows 10 settings permit you to download and install Cumulative Updates within 24 hours of release on Patch Tuesday. This is fine for consumers, but in the enterprise, you should test these OSes in a lab to ensure compatibility with hardware and enterprise applications prior to rolling them out to the users.
You should delay these downloads until you test them and ensure Microsoft has not yet released a subsequent update to fix issues with the newly released update. That said, security updates are critical, and you should always try to apply them promptly to protect assets from viruses and malware. With these conflicting factors, you must test all updates, but the testing must take place promptly after the updates’ release.
Windows 10 update and patch issues
A great example of the importance of managing these updates is the disastrous May 12, 2020 cumulative update. In spite of Microsoft’s pre-release program, which allows select customers to install the updates early and report on issues so Microsoft can fix them, the May 12, 2020 update still had a lot of problems. Organizations that installed this update and experienced the problems associated with the update (Table 1) had to install all the interim updates that Microsoft pushed out or consider one of the uninstall options – noted later in this article.
The issues caused by the May 12, 2020 Windows 10 update included the following:
- Security issues with various components of Windows 10, including:
- The Windows Kernel
- Windows File Server
- Microsoft Office software
- External devices
- Microsoft Edge and Internet Explorer
- Issues with verifying usernames and passwords
- Forced reboots with always-on devices
- OneDrive connection issues
- Local Security Authority errors
While Microsoft published patches to address these issues, the patches then caused the following errors:
- Incompatibility with certain hardware components
- Major issues with network printer connection
- Difficulty connecting to Google Chrome
- Poor desktop performance
The fixes that Microsoft offers typically denote the patch that they relate to, indicating that sometimes Microsoft’s patches are part of the problems. In addition, Microsoft acknowledged the problems reported by users for the May 12 update with KB4556799.
Microsoft has multiple versions of Windows 10 and updates may cover one or more versions. This can be quite confusing, but you simply need to remember that once they update the PC to a new version, Microsoft supports that version for 18 months. These different versions can run simultaneously, and Windows will trigger the Windows Update service unless you disable it.
Understanding which version of Windows 10 you are running
The automatic update tool will figure all the patches and versions out, but if you need a specific update you must find the correct version to install. To determine which Windows version and build are currently installed on a computer, go to the search bar and enter winver (Figure 1).
Microsoft has defined different dashboards for each version. The page for Version 2004 contains release notes, known issues, tips on applying the updates, and more.
Microsoft identifies its patches with a knowledge base (KB) number and each KB identifies the OS number and the OS version that that patch applies to. The page shows, for example, a sample KB doc of the May 12, 2020 update, which in this case is for version 1903 (Figure 2).
Learning what issues come with different Windows 10 updates
Users should identify the updates released after the May 12, 2020 release of OS version 2004, which caused many of the recent Windows update issues (Table 2). Other versions of the data may have different patch numbers for updates. Each item in the KB column includes a links to the KB documents. It is important to study these docs as they include critical information such as:
- OS version and build number
- List of fixes and components fixed (Figure 3)
- List of known problems
- List of problems that have fixes and the KB number of those fixes
- On the left pane of the KB doc is a roadmap of updates, listed by version number.
|Date||KB||OS Build||OS Version||Notes|
|June 9, 2020||KB4557957 https://support.microsoft.com/en-us/help/4557957/windows-10-update-kb4557957||19041.329||2004||Patch Tuesday release|
|June 18, 2020||KB4567523 https://support.microsoft.com/en-us/help/4567523/windows-10-update-kb4567523||19041.331||2004||Interim release|
|July 14, 2020 (regularly scheduled update)||KB4565503 https://support.microsoft.com/en-us/help/4565503/windows-10-update-kb4565503||19041.388||2004||
Intended to fix all the previous update issues
(Note that the reported problems in Figure 3 were logged after installing this update)
|July 31, 2020||KB4568831 https://support.microsoft.com/en-us/help/4568831/windows-10-update-kb4568831||19041.423||2004||Interim release – again identified by Microsoft to fix previous update issues|
|August 11, 2020||KB4566782 https://support.microsoft.com/en-us/help/4566782/windows-10-update-kb4566782||19041.450||2004||Patch Tuesday release|
Some OEMs, including HP, provided their own fixes for issues caused by the May 12, 2020 update. You should check with your OEM for more information.
How to check the update history of a Windows 10 desktop
First, you should identify the updates that the affected computers have received. To accomplish this, follow these steps:
- Click on Start and then Settings or go to the Search bar and type Settings.
- Select Update & Security.
- Select Windows Update on the left panel.
- Note that this page indicates when updates were last checked and has an option to check for updates, pause or delay updates, and other choices (Figure 4).
- Click View Update History: This shows the update history on a Windows 10 computer (Figure 5). Notice that it lists Quality and Feature updates applied, as well as the date and the KB number of the update.
Manually installing and uninstalling Windows 10 updates
There may be updates that the Windows admin avoids due to various reasons, including if there is a specified delay by an admin, insufficient disk space and network failure. You can manually install the update in several ways:
- Remove the Delay in Update Settings. In many cases, the update service will then perform the update.
- Click the Check For Updates button in the Windows Update Settings page and then click to install it. You may need to do this several times to install all the missing or failed updates.
- Download the software and documentation from the Microsoft Update Catalog. Unfortunately, this is only a search engine, so you must know the KB number associated with the update. It is fairly easy to find the proper KB number by searching on the internet (Figure 6). This has a link for documentation of fixes, components and any known problems, and a download link. There are different downloads for various system types, such as x64 and x86.
You may need individual updates for specific drivers or software programs that fail, causing errors in a business application or even blue screen crashes. An internet search for key words or error codes will usually identify the KB patch to fix it. You can also manually download and install these updates with the Windows Catalog.
In some cases, you may want to uninstall a problematic Windows update, such as the May 12, 2020 Windows update. You should consider this step if it is causing unacceptable performance or stability problems and there is no fix in sight. To uninstall an update, there are several options:
- Manually Uninstall
- Boot into Safe mode
- Go to Control Panel, Programs, Programs and Features, View Installed Updates.
- Highlight the problematic update and click the Uninstall button (Figure 7).
- Use the System Restore Feature. This option requires a restore point to be configured in advance. This will restore the system to the condition it was in on a specified date.
- Go to This PC, Properties, System Protection (Figure 8).
- Select “Configure restore settings …” and enable “Turn on System Protection”
- Select “Create a restore point…” and provide a name. The system will create a restore point.
- To restore the system to a restore point, select “System Restore” in the System Protection dialog.
Restore points are not automatic; you have to manually create and enable them. Thus, you should create a restore point prior to software or hardware updates. You should delete restore points when you’re done with them to save disk space.