Heimdal
article featured image

Contents:

Each month, Microsoft pushes out various types of updates, patches, and fixes. For the most part, these are security-related (i.e., fixing known or recently disclosed vulnerabilities), but they can also play on performance or accessibility. Asides from those, Microsoft does also offer another category of updates called optional quality (updates). So, in this article, I’m going to talk about Microsoft’s optional quality updates and how to automate them. As always, enjoy and don’t hate the player, hate the game.

What are Microsoft / Windows Optional Quality Updates?

Microsoft labels all non-essential or user-triggered updates as optional quality updates. In other words, these ‘packs’ don’t need to be installed on the spot and, best of all, the user gets to choose whether or not he wants those updates deployed on a work or personal machine. The name itself might be a bit misleading – placing “optional” close to “quality” does not exactly convey the meaning nor the importance of this update.

Okay, so what passes as an optional quality update? For instance, updates that are meant to solve software stability issues are deemed optional. Why? Because, at times, stability-solving patches can do more harm than good (i.e. can make the software even more unstable than it was before). So, they’re optional. Another great example is patches meant to fix hardware issues. The same story as before; actually, I’m going to go ahead and quote the Army Corps on this one – if it ain’t (entirely) blocked, don’t try to fix it.

Enough with the common knowledge. Let’s see a live example. Go ahead and Google “KB4023057”. Alternatively, you can fire up Windows Update Center, and look it up under “Update History”. Here’s why KB4023057 is considered an optional quality update:

  1. Added file compression. This update might compress some of your old files to free up more space for all those important updates. Useful, but not essential.
  2. Support notification bubble. Windows will display a bubble-type notification on the right side of the screen when you’re running low on disk space. Nice, but again, not essential.
  3. Disk cleanup improved. Windows’ ‘disk-mopping’ utility gets an overhaul – new cleanup features for delivery optimization files, DirectX shader cache, temporary files, locally-stored, non-essential Windows updates, and more. Guess what I’m about to say.

This is just one of the many examples of optional quality updates made available by Microsoft. And, by the way, KB4023057 was part of June’s patching bout, and, as BleepingComputer would put it, it’s a rerun. This is the Windows optional quality update in a nutshell. Now, we this out of the way, let’s talk about why optional quality updates are so hard to deploy and implement.

Distributing & Deploying Windows Optional Quality Updates

Any respectable IT admin would tell you that there’s no such thing as smooth sailing when it comes to patching. I’ll rephrase that: it doesn’t matter whether you’re running WSUS, SCCM, or whatever patch-distribution architecture, because you’re bound to encounter many issues along the way (e.g., incorrect  proxy servers, HTTP 403 responses, SENS service not receiving user logon notifications, corrupted BITS configurations, and the list goes merely on).

I might have omitted an aspect – all the above-mentioned issues arise when you’re trying to deploy ESSENTIAL and, yes, security updates. So, what happens if we want to push optional quality updates? Can we simply ignore the fact that most of these updates are labeled as ‘preview’ and even more unstable?

As I’ve mentioned in the previous section, optional quality updates are not essential and will have little bearing on your machine’s (or software’s) overall performance. Still, some of those features can come in handy and it would be a shame not to have them on your business machines. The solution, of course, is to use a dedicated auto-patching solution that supports both essential and optional quality updates.

Now, the notion of auto-patching\auto-updating software is not something new, but it has managed to crawl its way to our attention in the last couple of years mostly because of the fact that off-the-shelf software like WSUS or SCCM has severe limitations (i.e., you can only push MS software patches and updates with those).

Heimdal™ Security’s take on optional quality updates is a recently-developed feature that allows admins to push non-essential alongside critical and security updates (and patches).  The new feature has already been made available in your Heimdal dashboard.

Once activated, your Patch & Asset Management will begin pushing all the optional quality updates missing from your machines. As always, you can schedule, force-push, or postpone these updates from your Infinity Management module. For our customers asking if these updates are subjected to the same curation as the other updates & patches, the answer is yes, we do that so you don’t have to.

Heimdal Official Logo
Automate your patch management routine.

Heimdal® Patch & Asset Management Software

Remotely and automatically install Windows, Linux and 3rd party application updates and manage your software inventory.
  • Schedule updates at your convenience;
  • See any software assets in inventory;
  • Global deployment and LAN P2P;
  • And much more than we can fit in here...
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Wrap-up

Will optional quality updates no longer be, well, optional? I don’t think so. As Microsoft elegantly puts it, you simply cannot force the user to install an under-tested piece of software. So, if you plan on deploying those any time soon, get yourself an auto-updater, test and (re)test, and expect a lot of back and forth. Hope you’ve enjoyed this article. Subscribe, comment, donate and stay safe.

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.

Comments

Awesome

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE