Windows 7 cumulative rollup updates - Any good?

Updated: December 3, 2016

In the past year or so, Windows 7 suffered from slow update checks, a flaw in the Windows Update functionality, a problem that was magnified by paranoia and extra scrutiny around Windows 10 and the free upgrade offer. Naturally, people assumed that Microsoft was making Windows 7 deliberately slow as an incentive to make users move onto a newer operating system. Nothing like a conspiracy to spice up the rumors.

At the same time, Microsoft started working on a few new initiatives that would make updates on Windows 7 and 8.1 faster, more elegant, and ultimately easier to manage. Back in April 2016, they released a convenience rollup for Windows 7 SP1 - effectively a complete new service pack if you will - designed to include all previous updates. And then, in July, Microsoft finally and successfully managed to fix the slow updates thingie. Now, October 2016 onwards, you also get cumulative rollup updates similar to Windows 10. I decided to test and see how this new model works, and whether you should like it, or worry. After me.


Rolling up

Anyhow, I decided to check the new functionality on my HP test laptop, running Windows 7 SP1 and Linux Mint, the former of which had not really been updated since about March. I started by first installing the two patches, as I've outlined in the tutorial above, and then waited only about four minutes before the latest set was presented.

There are several cumulative updates available - dotNET patches, security patches, and also an optional Quality Preview rollup, which contains everything non-security, but might one day become bundled with the security package. You also get several individual packages, which could not be contained inside the rollup.

Security rollup

Optional rollup

To make things even more interesting, the test laptop is running a standard user account, through SuRun. This should not impact or affect the work in any way, but it is worth noting anyway.



I have to say, I'm quite pleased. The new method of updates is really neat. It is fast, and it does not hog the resources. The 250 MB worth of patches that fall under the security umbrella were installed in about 10 minutes. The pre-reboot and post-reboot steps were also very fast. Everything worked smoothly, with much better responsiveness and reduced CPU thrashing. Even this old 2010 laptop plowed through the process with litheness and grace.

The optional Quality Rollup was even faster, and it took maybe three minutes to complete, in total. This kind of speed is approaching the typical Linux distro functionality. Eventually, another Internet Explorer 11 cumulative patch crept up on me, but this one did not even require restarting the box. All in all, half an hour later, I was done with the process, with seven months worth of leftovers applied. No errors. No problems.

Cumulative updates completed


One thing that you may not want to see in your Windows 7 is a new Diagnostics service. There have always been two, and they don't really do anything unless you have opted into the Windows Customer Experience Improvement Program. I've talked about this at great length in my privacy & telemetry tutorial, and then again in my guide on how to rein in and tame Windows upgrades. Last but not the least, should you feel bored, and if you have some extra space time, you might also want to cast a quick glance at my rather extensive and detailed Windows 10 privacy howto, which ought to give you some more insight into these changes, and how you should handle them. Now, back to business at hand.

Experience program, opt-in

The new service is called Diagnostics Tracking Service. It's set to run automatically. You can just disable it without any adverse effects. You just need to remember that this is a new kid on the block, courtesy of the October rollup (optional). Nothing sinister here, and this functionality is clearly outlined in the KB details. Also, even if you let the service run, it won't do anything. But out of principle, you surely don't need this seven years into the Windows 7 lifecycle, so just bin it and move on.

Tracking comes with new optional rollup

Microsoft Update Catalog

A reader named Peter pointed out that you can download Security Rollup Updates directly from the Microsoft Update Catalog site. This once-upon-a-time IE6-only site has been revamped, and works reasonably well in other browsers too. You can manually grab them, and this way assert some level of granularity and control over what goes onto your boxes, for instance the November security-only quality update. This old-new mechanism replaces the standalone KB downloads method, and it also allows you to grab the highly useful officially unofficial Windows 7 SP2 rollup, as it can be quite convenient for future installations and upgrades. Wicked.

Catalog site


The new Windows 7 (and possibly 8.1) cumulative rollup updates, both security and optional quality patches, seem to work very well. Fast, elegant, with less resource usage, both processor and bandwidth, than ever before. All in all, looks like the right decision moving forward. Time is of essence, and here you will save a lot of it.

Now, there's a catch, of course, as evident in the new tracking service. Rollups necessarily mean a big bundle of things, some of which you may not like. Previously, you had the choice of not installing them, this won't be so easy any more in the future. There might come a moment where your trust will be breached and your control taken away from you, as we have seen with the GWX nonsense. So there's always that to consider. Other than that, overall, the rollups are really convenient, they work well, and they should make your system maintenance easier. Beware the geeks bearing gifts though. And we're done.


You may also like: