BigFix Patches for Windows now supports Delta Updates

IBM BigFix is pleased to announce that BigFix Patches for Windows now supports the release of Microsoft Delta Updates.
Delta updates, which service Microsoft Windows 10 version 1607 and Windows Server 2016, are updates that include only the ‘new’ fixes for the month, that is, the differences between the old and new updates. Delta updates are a short-term solution for ISVs who do not have WSUS to reduce large download size. The long-term solution is express update ISV delivery. For more information, see https://technet.microsoft.com/en-us/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support.
Note that Delta updates can only be applied to environments with the previous month’s Delta updates or Cumulative updates installed. To make a device up-to-date, you can either install all applicable Delta Updates to-date, that is, in the order of release month, or only the latest Cumulative Update. For a comparison of Delta and Cumulative updates, see http://bit.ly/2mHmkiR.

Here is the first batch of BigFix delta updates Fixlets:

  • 401342905 MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security Update for Windows 10 - Windows 10 Version 1607 - Delta Update - KB4013429
  • 401342901 MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security Update for Windows 10 - Windows 10 Version 1607 - Delta Update- KB4013429 (x64)
  • 401342903 MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security Update for Windows Server 2016 - Windows Server 2016 - Delta Update - KB4013429 (x64)

Published site version:
Patches for Windows, version 2707.

Actions to take:
None.

Further references:
For Microsoft’s post on Express update delivery, see http://bit.ly/2nqPtio
For Microsoft’s post on Delta Updates, see http://bit.ly/2mHmkiR

Application Engineering Team
IBM BigFix

I deployed KB4013429 (x64) delta to systems in my environment and found that this patch was applied to systems that received this or the cumulative update directly through Windows Update and were pending reboot. The result was a reboot failure causing systems to get stuck in a reboot loop due primarily to missing drivers. spaceport.sys was the most common, but also storahci.sys, stornvme.sys, Acpi.sys, Tpm.sys. We are working with Microsoft to resolve this issue on systems that have not yet rebooted after having both patches applied. The only fixes we have found once the boot failure occurs have required local support to perform manual recovery steps in the recovery console of affected systems. I would have expected this patch to not be applicable to systems that already had KB4013429 installed. Did I miss something?

Hi Bob,

We have tried to reproduce your issue.

  • It’s true that the KB4013429 Delta Update is still relevant after installation of KB4013429 Cumulative Update and pending restart, because the registry keys being checked by the Delta Update’s relevance have not been written in the pending restart state.
    • We have added relevance that is able to check that the KB4013429 Cumulative Update is installed even in the pending restart state.
    • [Updated] The above change has been published to Patches for Windows site version 2718.
  • We have installed the patch in the sequence of KB4013429 Cumulative Update -> KB4013429 Delta Update, without a reboot in between. However, we are not able to observe the reboot failure issue you described. Would you mind sharing the response from Microsoft about what has caused this issue?

Thanks!
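
The pending-restart condition discussed in the reply above can be checked on an endpoint before either KB4013429 package is deployed. This is an added example, not part of the thread and not BigFix relevance or Microsoft code; the function name is hypothetical, and the two registry keys are the standard Windows pending-restart markers, not necessarily the keys the Fixlet relevance inspects (the thread does not name those).

```powershell
# Added example: pre-deployment guard to run in an elevated session.
# Reports whether servicing work is still waiting on a restart, the state in
# which the thread's Delta + Cumulative double install took place.

function Test-PendingServicingReboot {
    [CmdletBinding()]
    param()

    # Standard Windows markers that exist only while a restart is outstanding.
    $markerKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    $foundKeys = @($markerKeys | Where-Object { Test-Path -LiteralPath $_ })

    # Packages the servicing stack has staged but not finished installing or
    # removing. Get-WindowsPackage comes from the built-in DISM module.
    $pendingPackages = @(
        Get-WindowsPackage -Online -ErrorAction Stop |
            Where-Object { [string]$_.PackageState -in @('InstallPending', 'UninstallPending') } |
            Select-Object -ExpandProperty PackageName
    )

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        RebootPending   = ($foundKeys.Count -gt 0) -or ($pendingPackages.Count -gt 0)
        MarkerKeys      = $foundKeys
        PendingPackages = $pendingPackages
    }
}

$state = Test-PendingServicingReboot
if ($state.RebootPending) {
    # A non-zero exit lets a deployment wrapper skip the update action.
    Write-Warning "Restart pending on $($state.ComputerName); hold Delta and Cumulative installs until it completes."
    $state.MarkerKeys      | ForEach-Object { Write-Warning "  marker key: $_" }
    $state.PendingPackages | ForEach-Object { Write-Warning "  pending package: $_" }
    exit 1
}

Write-Output "No pending servicing restart on $($state.ComputerName)."
exit 0
```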

The first thing Microsoft noted was that KB4013418 had been applied to these systems and required a reboot. That reboot didn’t happen on all my machines before KB4013429 was installed. I’ll report back status from Microsoft as data comes in. KB4013418 was not pushed by BigFix, it was applied from Windows Update on the local machines.

Thanks Bob for sharing the info! Do ping me if you think BigFix patch content should do anything more than I have already posted.

The BigFix content looks good. Our issue is not related to BigFix. Thank you for taking a look and reviewing the delta patch relevance.


I’m seeing the same. I’ve had a 2016 server fail with INACCESSIBLE_BOOT_DEVICE after applying the April Delta followed by April Cumulative with no reboot in between. Then I rolled back a VM snapshot of the machine, repeated, and did not have the failure.

Microsoft posted a blog as well that this is A Bad Thing

Prevent deployment of Delta and Cumulative updates in the same month

Since Delta update and Cumulative update are available at the same time, it’s important to understand what happens if you deploy both updates in the same month.

If you approve and deploy the same version of the Delta and Cumulative update, you will not only generate additional network traffic since both will be downloaded to the PC, but you may not be able to reboot your computer to Windows after restart.

If both Delta and Cumulative updates are inadvertently installed and your computer is no longer booting, you can recover with the following steps:

Boot into WinRE command prompt

Ideally Microsoft would have handled the case already, but clearly they haven’t. I think BigFix should do … something. The only (easy) thing that comes to mind is to make the Cumulative Update non-relevant if the Delta Update is pending restart.

Thank you @JasonWalker. As you noticed, content has been updated accordingly.

Kindly let us know if you are still encountering issues with the latest content.
