Microsoft drags customers 'kicking and screaming' into its world of faster updates

Mandates Windows 8.1 Update to receive future patches; evidence of commitment to constant OS refreshes, say experts

Microsoft's demand that Windows 8.1 users install this week's major update was another signal that the company is very serious about forcing customers to adopt its faster release strategy, experts said today.

"Microsoft is going to drag organizations and users into this new world of faster updates kicking and screaming," said Michael Silver of Gartner in an email. "Microsoft wants users to trust it to keep their systems updated. Maybe they figure forcing organizations to deploy [Windows 8.1 Update] will get them used to taking updates and keeping current."

Earlier this week, Microsoft shipped Windows 8.1 Update (8.1U), adding that to obtain future updates, including fixes for vulnerabilities distributed each month on "Patch Tuesday," Windows 8.1 users had to install 8.1U.

"Failure to install this Update will prevent Windows Update from patching your system with any future updates starting with updates released in May 2014," Microsoft said.

May 13 is the first Patch Tuesday that will require 8.1U.

That requirement got the attention of users. And not in a good way.

"What happened to Microsoft's Lifecycle policy with providing customers with a 24-month timeframe before ending support of a superseded operating system RTM/Service Pack?" asked a user identified as "wdeguara" in a comment appended Tuesday to Microsoft's blog-based announcement. "By immediately withdrawing all future security updates for Windows 8.1 RTM, in the eyes of most enterprise customers you are effectively performing an immediate End-of-Life on Windows 8.1 RTM.

"I know that Microsoft wants its customer base to adopt updates to its Windows platform faster, but immediately dropping security patching on the Windows 8.1 RTM release is just plain crazy," wdeguara added.

But to Silver, that is exactly Microsoft's intent.

Others see similar method to Microsoft's madness.

"The reality is that Microsoft is moving the OS toward a more service-oriented model," said Wes Miller, an analyst with Directions on Microsoft, in a Thursday telephone interview. "This reflects the fact that there are shifting sands, that Microsoft is trying to move toward one servicing model for a variety of platforms. They're trying to harmonize Windows Phone and Windows with one servicing model that works for everyone."

From Miller's perspective, Microsoft was striving for a mobile-style model for Windows that would not only rely on more frequent updates, but one with a goal of getting the bulk of users onto each new this-is-current update or version.

Other Microsoft customers joined wdeguara to criticize the forced migration, which had not been announced prior to Tuesday and which they saw as a betrayal of the 24-month rule that has given them two years from the launch of a service pack to upgrade from the original, called "RTM" in Microsoft-speak to reference "release to manufacturing."

"This is a massive shift from a patching perspective," said Julian Harper, an IT manager, in one of several messages posted to the mailing list on the topic. "For years, we've had [two] years to plan service pack roll outs and now we're given one month. And this is on top of the fiasco that was Windows 8.1 for volume license customers."

Previously, Microsoft had said that the 24-month rule for Windows, once reserved for service packs, would apply to Windows 8 and its successors, including Windows 8.1 of October 2013, even though the latter was not labeled as a "service pack." Customers on Windows 8 RTM, which shipped in October 2012, would have until Jan. 12, 2016 to migrate to Windows 8.1. After that date, Windows 8 RTM will not be eligible for security updates and other fixes and enhancements.

"Microsoft has the most generous and transparent support policies, but everything depends on what they call the new code," said Silver. "A 'service pack' has a support policy. A 'version' has a support policy. Something with a different name, well, Microsoft can do what it wants."

Miller wasn't shocked at the complaints from enterprise IT personnel, like Harper. "It bothered me, too," Miller said. "The support lifecycle page doesn't reflect this, and it absolutely should," he continued, referring to Microsoft's support timetable for Windows 8 and Windows 8.1. "Customers need to be able to keep track of what they have to do for support."

Andrew Storms, director of DevOps at CloudPassage, a San Francisco-based cloud security firm, acknowledged the historic nature of the Windows 8.1 Update's deployment requirement.

"What was surprising to me was that there was no prior notification from Microsoft," Storms said. "But what was not so surprising was that they made this decision. The number of SKUs that they support is getting out of hand. Microsoft can only support so many products. At some point, they just have to cut it."

Storms sympathized with corporate IT administrators nervous about the rapid release pace.

"Given the environment they're in, the complaints were well justified," Storms said. Traditionally, that has been an environment where companies downloaded an update, tested it for weeks or even months, then slowly deployed it to devices.

"That's an ongoing process that's constantly in motion," said Storms of the practice. "But we know everyone needs to move to [a process] where you have to take the updates as they are. So this really calls for a new way of thinking. IT must rethink the environment that they're in."

In other words, enterprises may not like Microsoft mandating 8.1U but they'll have to learn to live with not only that, but future demands, too. "If the [software vendors] are moving faster than you can keep up with using the traditional methodology, you're going to have to just take [the updates]," Storms said.

Microsoft did not reply to questions, including why it mandated 8.1U and whether it believed the requirement is a change of its 24-month rule.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is

See more by Gregg Keizer on

Read more about windows in Computerworld's Windows Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags GartnerMicrosoftsecurityWindowssoftwareoperating systems

More about Andrew Corporation (Australia)AppleGartnerGoogleMicrosoftTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts