Patch content for KB3125574 are *tasks*, not *fixlets*

In my Patches for Windows site version 2624, patch content for KB3125574 (IDs 312557401, 312557403, 312557405) are tasks. Not fixlets.

This is a problem for baseline relevance. It also means my filter of Patches for Windows “rollup” fixlets missed them.

Is there a functional reason why the KB3125574 content are tasks?

Hi Andrew,

This KB is the convenience rollup for Win7, and it’s special. As explained in this Microsoft blog:

This convenience update is completely optional; it doesn’t have to be installed and won’t even be offered via Windows Update – you can choose whether or not you want to use it.

I would argue that it’s reasonable to not include this automatically in any baseline.

There’s another reason for not making it a Fixlet - due to the size of this patch, the accurate relevance to detect whether it’s needed, will be too long and inefficient. We made it a Task and used a workaround relevance which is much shorter.

Hi Bai,

Thanks for the response. In this case, it being a task means it went unnoticed despite specific efforts to capture non-security rollups.

Regarding the relevance, could that possibly be reevaluated? Now that Microsoft is offering the new “quality updates”, it seems we’re going to be seeing more and more of these highly complex rolllups.


I’d second that request.

In all of the documentation and training I’ve been involved with, there has been attention paid to “Fixlet” vs “Task”.

While there doesn’t seem to be a dictionary definition on the difference, I’ve always been under the impression “A Fixlet changes the configuration state of a system”, while “A Task performs an operation without changing the configuration state”.

I’d expect a Software Install to be a Fixlet, while a stop/start/restart service to be a Task. I’ve not heard an argument “it’s a Fixlet if the relevance is easy, and a Task if the relevance is hard”.

I’d think it more acceptable to use the perhaps-weaker Microsoft Catalog-style detections (does it appear in Add/Remove Programs) rather than the more-thorough BigFix style checks (version number of every file involved in the patch), if the Relevance can’t be computed.

Thanks for your responses and feedback.

@atlauren, I understand that you are trying to capture non-security rollups, but this KB3125574 is special. It serves a special purpose, and it’s not needed if you have installed all the non-security patches that are available as Fixlets.

To answer your concern about relevance, please rest assured that all of the recent rollup updates and “quality updates”, were made Fixlets and have adequate relevances to make them work.

@JasonWalker, I agree with you that we might not be using ‘Task’ strictly to its definition. However, this is a workaround. This convenience rollup is large, and will not be superseded. This means if we use the exact relevance that checks for its applicability, we would constantly have a very long and inefficient relevance running once in a couple of minutes on many devices that do not need it at all. We do not judge relevance as ‘easy’ or ‘hard’, but we believe relevance should be accurate, efficient, and suitable. In this case, we choose to use an efficient relevance which is suitable for most users, however would have to overcome the slight lost in accuracy by making it a Task.

In conclusion, this KB was made a task because:

  • It’s optional and serves a special purpose;
  • It carries a workaround relevance that is efficient but only works as a Task.

Thanks for clearing that up. I apologize that I wasn’t more clear, I didn’t intend “the relevance is hard” to mean difficult to write or understand, but difficult in terms of slow evaluation. Please don’t take offense.

And thanks for the link with the Fixlet/Task definition. I hadn’t seen that before and the explanation was very clear. I guess I should check out the documentation updates once in a while!

Can we expect going forward that future rollup packages will be Tasks rather than Fixlets?

Hi Jason,

Don’t worry about it! There is nothing wrong raising concerns, and I am pleased to have the chance to put up our explanation and also clarify our criteria for making decisions such as this one. I am really glad that our users are supportive of this decision.

To answer your question, please rest assured that all of the recent rollup updates and “quality updates”, were made Fixlets and have adequate relevances to make them work. I feel it unlikely needing to apply this workaround to any current or future rollup packages.

1 Like