
Each month, Microsoft pushes out various types of updates, patches, and fixes. For the most part, these are security-related (i.e., fixing known or recently disclosed vulnerabilities), but they can also address performance or accessibility. Aside from those, Microsoft also offers another category of updates called optional quality updates. So, in this article, I’m going to talk about Microsoft’s optional quality updates and how to automate them. As always, enjoy and don’t hate the player, hate the game.

What are Microsoft Optional Quality Updates?

The name itself might be a bit misleading – placing “optional” close to “quality” does not exactly convey the meaning nor the importance of this update. Microsoft labels all non-essential or user-triggered updates as optional quality updates. In other words, these ‘packs’ (I’ll get to that in a second) don’t need to be installed on the spot and, best of all, the user gets to choose whether or not he\she wants those updates deployed on a work or personal machine.

Okay, so what passes as an optional quality update? For instance, updates that are meant to solve software stability issues are deemed optional. Why? Because, at times, stability-solving patches can do more harm than good (i.e. can make the software even more unstable than it was before). So, they’re optional. Another great example is patches meant to fix hardware issues. The same story as before; actually, I’m going to go ahead and quote the Army Corps on this one – if it ain’t (entirely) blocked, don’t try to fix it.

Enough with the common knowledge. Let’s see a live example. Go ahead and Google “KB4023057”. Alternatively, you can fire up Windows Update Center, and look it up under “Update History”. Here’s why KB4023057 is considered an optional quality update:

  1. Added file compression. This update might compress some of your old files to free up more space for all those important updates. Useful, but not essential.
  2. Support notification bubble. Windows will display a bubble-type notification on the right side of the screen when you’re running low on disk space. Nice, but again, not essential.
  3. Disk cleanup improved. Windows’ ‘disk-mopping’ utility gets an overhaul – new cleanup features for delivery optimization files, DirectX shader cache, temporary files, locally-stored, non-essential Windows updates, and more. Guess what I’m about to say.
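The "Update History" lookup described above can also be scripted. The following is an added example, not code from the original article or from Heimdal: it uses the Windows Update Agent COM API to list history entries for KB4023057 and the updates still pending as optional. Treating the `BrowseOnly=1` search criterion (documented by WUA as matching optional updates) as the set of optional quality updates is an assumption here.

```powershell
# Added example: query the Windows Update Agent (WUA) COM API on the local machine.
# The KB number is the one discussed in the article.
$kb = 'KB4023057'

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# OperationResultCode values 0..5, in the order WUA defines them.
$resultNames = 'NotStarted', 'InProgress', 'Succeeded',
               'SucceededWithErrors', 'Failed', 'Aborted'

# 1) Scripted "Update History": every recorded attempt for this KB.
$history = @()
$total = $searcher.GetTotalHistoryCount()
if ($total -gt 0) {
    $history = @($searcher.QueryHistory(0, $total) |
        Where-Object { $_.Title -match $kb } |
        Select-Object Date, Title,
            @{ Name = 'Result'; Expression = { $resultNames[$_.ResultCode] } })
}

if ($history.Count -eq 0) {
    Write-Output "$kb has no entry in this machine's update history."
} else {
    $history | Sort-Object Date -Descending | Format-Table -AutoSize
}

# 2) Updates offered but not installed that WUA flags as optional.
#    Assumption: BrowseOnly=1 is used as the marker for optional updates.
#    The search contacts the configured update source (Microsoft Update or WSUS).
$pending = @($searcher.Search('IsInstalled=0 and BrowseOnly=1').Updates |
    Select-Object Title, IsDownloaded,
        @{ Name = 'KB'; Expression = {
            ($_.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        } })

if ($pending.Count -eq 0) {
    Write-Output 'No optional updates are currently pending.'
} else {
    $pending | Format-Table KB, IsDownloaded, Title -AutoSize
}
```

Running this across a fleet before approving optional updates gives a baseline of which machines already have them and which installs failed.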

This is just one of the many examples of optional quality updates made available by Microsoft. And, by the way, KB4023057 was part of June’s patching bout, and, as BleepingComputer would put it, it’s a rerun. This is the optional quality update in a nutshell. Now, with this out of the way, let’s talk about why optional quality updates are so hard to deploy and implement.

Distributing & Deploying Optional Quality Updates – Challenges and Workarounds

Any respectable IT admin would tell you that there’s no such thing as smooth sailing when it comes to patching. I’ll rephrase that: it doesn’t matter whether you’re running WSUS, SCCM, or whatever patch-distribution architecture, because you’re bound to encounter many issues along the way (e.g., incorrect proxy servers, HTTP 403 responses, SENS service not receiving user logon notifications, corrupted BITS configurations, and the list goes on).

I might have omitted an aspect – all the above-mentioned issues arise when you’re trying to deploy ESSENTIAL and, yes, security updates. So, what happens if we want to push optional quality updates? Can we simply ignore the fact that most of these updates are labeled as ‘preview’ and even more unstable?

As I’ve mentioned in the previous section, optional quality updates are not essential and will have little bearing on your machine’s (or software’s) overall performance. Still, some of those features can come in handy and it would be a shame not to have them on your business machines. The solution, of course, is to use a dedicated auto-patching solution that supports both essential and optional quality updates.

Now, the notion of auto-patching\auto-updating software is not something new, but it has managed to crawl its way to our attention in the last couple of years, mostly because off-the-shelf software like WSUS or SCCM has severe limitations (i.e., you can only push MS software patches and updates with those).

Heimdal™ Security’s take on optional quality updates is a recently-developed feature that allows admins to push non-essential alongside critical and security updates (and patches). The new feature has already been made available in your Heimdal™ dashboard.

Once activated, your Patch & Asset Management will begin pushing all the optional quality updates missing from your machines. As always, you can schedule, force-push, or postpone these updates from your Infinity Management module. For our customers asking if these updates are subjected to the same curation as the other updates & patches, the answer is yes, we do that so you don’t have to.

Wrap-up

Will optional quality updates no longer be, well, optional? I don’t think so. As Microsoft elegantly puts it, you simply cannot force the user to install an under-tested piece of software. So, if you plan on deploying those any time soon, get yourself an auto-updater, test and (re)test, and expect a lot of back-and-forth. Hope you’ve enjoyed this article. Subscribe, comment, donate and stay safe.

Comments

Awesome
