Yesterday Microsoft released eight “preview” patches, in line with its new method of releasing patches on the third Tuesday of every month. They’re optional, which means they won’t get installed unless you specifically check the Windows Update box. If you’re tempted to install them, don’t.
Preview patches serve a good purpose, but they’re not for general consumption.
The two major preview patches:
- KB 3197869 is the “November 2016 Preview of Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.” In other words, it’s an early look at the nonsecurity patches for Windows 7 that Microsoft expects to roll out for real in December. You can see details of the patch on the Win7 update history page, where you can learn, for example, that this patch updates Belarus’ ISO 4217 code from BYN to BYR. Positively riveting.
- KB 3197875 is the “November 2016 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2”—in other words, another preview of the nonsecurity patches that will appear for real next month. There’s a long list of fixes on the Win8.1 update history page including, you guessed it, a change of Belarus’ ISO 4217 code from BYN to BYR.
Several of you have written to me, confused about the patches. The simple instructions: Unless you know precisely what you’re doing, leave preview patches alone. You don’t need or want them. When they’re fully baked next month, Microsoft will roll them out.
Microsoft’s intentions here are noble: It's giving programmers and system administrators a chance to kick the tires on the new nonsecurity patches before the patches get rolled out through the Windows Automatic Update chute. If you write programs for Windows or you control a bunch of Windows machines, you should take a look at the previews. The vast majority of Windows users should look the other way. Unless you specifically hunt down the patches, check them and install them, you’re fine.
In a similar vein, we saw four previews of .Net Framework patch rollups:
- KB 3195382, the “November 2016 Preview of Quality Rollup for the .Net Framework 2.0 SP2, 4.5.2, 4.6 on Windows Vista SP2 and Windows Server 2008 SP2”
- KB 3195383, the “November 2016 Preview of Quality Rollup for the .Net Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows Server 2012”
- KB 3196684, the “November 2016 Preview of Quality Rollup for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows 8.1 and Server 2012 R2”
- KB 3196686, the “November 2016 Preview of Quality Rollup for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1”
There’s also KB 3197878, the “November 2016 Preview of Monthly Quality Rollup for Windows Server 2012.”
There’s one oddity I’ll follow: The preview monthly rollup for Windows 8.1 includes a fix for a bug introduced by Microsoft in the August security patch MS16-100. Oddly, that bug isn’t described in the security bulletin, but the Win8.1 update list says the monthly rollup preview “addressed issue with the boot partition appearing in File Explorer after installing MS16-100.”
The reason why I’ll be watching – and you should, too: We need to make sure that bugs introduced by Microsoft’s security-only patches are fixed with security-only patches. If Microsoft starts fixing its own bugs willy-nilly, by including security bug fixes only in non-security patches, it won’t be possible to keep your PC upgraded with security-only patches.
For those of you accustomed to my patchocalypse terminology, crisscrossing patches will make it impossible to stay in Group B. You’ll be forced into the telemetry-friendly Group A, if only to fix the problems created by patches in Group B.
The price of patching liberty is eternal vigilance.