2

TIP, use at your own risk: If you want a list of non-deprecated updates, one option you can try is to get a machine completely up to date by running Windows Updates the normal way, and then run cleanmgr.exe and click Clean up system files and then select Windows Update-cleanup (maybe throw in the log files as well) and then press OK.

An eternity will pass and all non-required updates appear to be removed. The list of updates that remains in Add/Remove would seem to be the list of updates that are actually required. I would try to install in ascending order by KB number. I am unable to test this properly as of now, but wanted to add it as a hint. Better than nothing. I am not sure whether to install the latest monthly rollup first or the "hidden SP2" (kb3125574 - described in the comments below).


UPDATE:

I counted 583 Windows updates on a PC that had the original Windows 7 installed. In other words it never had SP1 applied, but has had all updates installed individually since Windows 7 came out.

To view the list of updates, launch add/remove programs (hold the Windows key, tap r, type "appwiz.cpl" and press enter), click uninstall program, then "show installed updates".

See comments below for some helpful links to avoid installing deprecated updates and to reduce overall update time.

For the record, other PCs with SP1 applied showed 249, 201 and 304 updates respectively (the last one 64 bit). They have obviously received some "rollups" that eliminated deprecated packages.

Why not allow the download of a bundle of all non-deprecated security updates and a way to install them in the recommended order? That would be flexible and useful for everyone - no need for a traditional service pack. I am sure this would amount to about 100 updates that are actually needed to protect a PC from being vulnerable "just sitting there" on the network.


I am confused with regard to the post-SP1 updates for Windows 7. There must be 200 of them by now? How can Microsoft not release another service pack to include such a large number of updates?

Is there a list of the most important updates somewhere (other than the Microsoft upgrade catalog - http://catalog.update.microsoft.com/v7/site/Home.aspx)? Perhaps there is a de-facto user community service pack bundle or similar helpful tools? Not all company setups allow for a lot of budget in dealing with updates, or use WSUS or similar systems.

Some of the hotfixes seem to be crucial to apply before connecting the PC to a network at all, and using Windows Update will keep the PC churning for hours.

Stein Åsmul
  • 9
    This question is unanswerable. "Probably not" is the best we can do. – Ryan Ries Feb 04 '14 at 23:08
  • This is really a question you should be asking your Microsoft representative. Microsoft is under no obligation to offer service packs or other update rollups. They are not even under an obligation to offer updates *at all* (in the DOS days your "update" was generally buying and installing the new release), though failing to do so would likely be economic/corporate suicide these days... – voretaq7 Feb 04 '14 at 23:33
  • @voretaq7 With all due respect, I'd say that is a strange conclusion. Windows 7 seems unsafe for the Internet until hundreds of updates are installed. A service pack would improve security dramatically and make PC setup faster. – Stein Åsmul Feb 05 '14 at 23:49
  • 2
    @Glytzhkof It's not strange at all if you think about how a software company works. Whether to roll service packs (or issue updates at all) is a decision Microsoft, as the vendor, makes based on internal resource constraints, economics, legal/liability considerations, and (hopefully) customer feedback. So again, if Microsoft not issuing a second Service Pack for Windows 7 bothers you because it costs you time/money during setup *that is really something you should be taking up with them*. If enough people raise it as an issue *maybe* they'll issue a second SP rollup. – voretaq7 Feb 06 '14 at 00:39
  • I have a machine that has been continually updated since Windows 7 came out (i.e. SP1 was never applied - all its updates were installed individually). The update list shows 582 applied windows updates (!). That should be a lot in anyone's book! There is a rollup package now that pretty much works as a SP2 - it replaces about 120 windows updates, but it contains no security updates which would seem to be the most important ones to apply offline. My Windows 7 box lists 385 applied security updates (many of which are now deprecated). I don't have a list of non-deprecated security updates. – Stein Åsmul Jun 30 '17 at 14:32
  • Here is the rollup package for Windows 7 that replaces 120 windows update packages: https://www.catalog.update.microsoft.com/search.aspx?q=kb3125574 . It needs to be applied manually - it will never come down via Windows Update - as far as I understand it. Apply it, you will save time. Especially if you got lots of boxes to set up simultaneously. – Stein Åsmul Jun 30 '17 at 14:34
  • When Windows Update is run, it must produce a list of non-deprecated security updates to apply to the box. These must then be applied in the recommended order. In other words: Microsoft obviously has the data needed to make a chained installer of all relevant security updates without much effort at all - just run the updates in the recommended sequence. I don't understand why there is a rollup for windows updates, but not for security updates - it would seem the security updates are the most important ones to apply. Especially now that ransomware viruses such as WannaCry are out there. – Stein Åsmul Jun 30 '17 at 14:55
  • Here is some information to check for WannaCry vulnerabilities: https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed . I find that method 2 (checking file version of srv.sys) is the easiest and most reliable approach. – Stein Åsmul Jun 30 '17 at 15:03
  • Applying the latest "monthly rollup", which at the moment is: http://www.catalog.update.microsoft.com/Search.aspx?q=4022719, replaces about 47 security updates and 24 updates. Look for the latest monthly rollup at the time of reading this (see in package details tab to find the latest update). Along with the "SP2" rollup, you should eliminate a lot of unnecessary updates. – Stein Åsmul Jun 30 '17 at 15:18
  • I guess I am spamming here, but just one more link in case it is useful for someone: https://blogs.technet.microsoft.com/windowsitpro/2016/05/17/simplifying-updates-for-windows-7-and-8-1/ . It seems the April 2015 servicing stack update must be applied before installing the "SP2" / rollup update. – Stein Åsmul Jun 30 '17 at 20:36
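
The inventory idea from the question (take the update list from a fully patched, cleaned-up reference machine, then see what a freshly installed box still lacks, in ascending KB order) can be scripted. This is an added example, not part of the original post; the function name `Get-InstalledKb` and the file name `reference-updates.csv` are hypothetical, and only the two KB numbers mentioned on this page are checked by name.

```powershell
# Added example. Written for the PowerShell 2.0 that ships with Windows 7.
param(
    [string]$BaselinePath = '.\reference-updates.csv',  # hypothetical file name
    [switch]$ExportBaseline                             # set on the reference machine
)

function Get-InstalledKb {
    # Get-HotFix reads the Win32_QuickFixEngineering WMI class.
    Get-HotFix |
        Where-Object { $_.HotFixID -match '^KB\d+$' } |
        Select-Object @{ Name = 'Kb'; Expression = { [int]($_.HotFixID -replace '^KB', '') } },
                      HotFixID, Description, InstalledOn |
        Sort-Object Kb      # ascending KB number, as suggested in the tip
}

$installed = @(Get-InstalledKb)
$have      = @($installed | Select-Object -ExpandProperty HotFixID)

# How many entries of each kind ("Security Update", "Update", "Hotfix") are installed
'Installed: {0} total' -f $installed.Count
$installed | Group-Object Description | Sort-Object Count -Descending |
    ForEach-Object { '{0,6}  {1}' -f $_.Count, $_.Name }

# The "SP2" convenience rollup and the monthly rollup named in the comments
foreach ($kb in 'KB3125574', 'KB4022719') {
    $state = if ($have -contains $kb) { 'installed' } else { 'missing' }
    '{0}: {1}' -f $kb, $state
}

if ($ExportBaseline) {
    # Run once on the fully patched reference machine after the cleanup step
    $installed | Export-Csv -Path $BaselinePath -NoTypeInformation
    return
}

if (Test-Path $BaselinePath) {
    # On a new box: list what the reference machine has and this one lacks
    'Missing compared with baseline:'
    Import-Csv $BaselinePath |
        Where-Object { $have -notcontains $_.HotFixID } |
        Sort-Object { [int]$_.Kb } |
        ForEach-Object { '{0}  {1}' -f $_.HotFixID, $_.Description }
}
```

Get-HotFix only reports what WMI exposes, so its count may not match the "show installed updates" list in Control Panel exactly.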

1 Answer

7

WSUS should be handling this in general, along with slipstreaming updates into any build you have to deploy if you want to minimize the time needed by WSUS after a rollout. I get the question, just not sure where the need is to roll out a new SP like there was pre-WSUS (or Windows Update from MS) days.

I don't think any of us here can actually answer your title as is, but there are multiple articles online stating that MS has hinted that there will not be an SP2 for Win7.

TheCleaner
  • It is true that larger companies with WSUS and other systems are perhaps happier to deploy smaller updates than to roll out a new service pack, but this is different for smaller companies and small offices in particular. And home PCs for that matter. – Stein Åsmul Feb 04 '14 at 23:05
  • 2
    Home PCs should be getting regular updates daily from MS directly. Small shops, no different...or using WSUS (free) or some other normal maintenance schedule. Relying on an SP to bring a PC up to date because it has a backlog of 300 updates from the previous 9 months is simply poor security administration. Even a small shop should be more active in maintaining patch levels. – TheCleaner Feb 05 '14 at 03:39
  • Cleaner, you've forgotten about new installs. Stein, they should be done behind a NAT to prevent attack. – Gringo Suave Apr 11 '15 at 17:32
  • @GringoSuave New installs for me are done via SCCM so I don't think much about small shops that do it manually, sorry. But you can slipstream SPs as said in my answer. – TheCleaner Apr 12 '15 at 22:18
  • What would help everyone would be a way to download all applicable security updates without any deprecated packages included, and then a way to run them in a recommended order. This would allow quick and reliable install on multiple boxes, and also a way to eliminate a security patch from installing, if it causes problems for the application estate. Installing everything as a "monthly rollup" like they do nowadays, means you can only uninstall the whole bundle, not individual updates (granted these "monthly rollups" are probably made primarily for home users). – Stein Åsmul Jul 01 '17 at 19:34