How Windows 10's new smaller monthly updates work

A "back-then-forward" model will govern patches starting with Windows 10 version 1809.

Microsoft will apply an unusual patching process to reduce the size of its monthly Windows 10 updates, a company manager said this week.

"If your device were on the September LCU (latest cumulative update) and then you installed October, your machine would apply the September reverse delta to go back to RTM and then the October forward delta to go to October [emphases added]," wrote Mike Benson, a principal program manager in the Windows division, in a comment appended to a previous post about update changes.

Benson was answering questions from customers eager for more information about the new update packaging Microsoft will debut with this fall's Windows 10 1809 feature upgrade. Updates for that version and those which follow will be "compact ... for easier and faster deployment," Microsoft said in an August 16 announcement.

Although the redesigned packaging will be served only to 1809 and later, Microsoft will continue to provide earlier editions of Windows 10 with the full- and express-sized monthly updates. "Each of these updates types are just different formats," Benson said. "But the end result on your system would be the same thing — a fully cumulative update that gives you all the security and non-security patches for the Windows OS in one package."

Express updates — previously, Microsoft's smallest — contained multiple deltas, each representing the difference between the desired end state and a baseline or point in time. The more baselines, the more deltas and the larger the update. And Windows' updates contained a lot of baselines. "Generally we use last month's LCU (N), the month before (N-1) all the way back N-5 months, and RTM [release to manufacturing]," Benson explained. All that was packaged in one massive express update, which was what enterprise WSUS (Windows Server Update Services) patching servers downloaded. Various subsets of that update would then be extracted by WSUS and fed to the individual PCs.

"So the server express file could be 6 to 7GB, while the end device only downloads 150 to 200MB," Benson said.

The new update format, which was simply dubbed small, has only one baseline, the feature upgrade's RTM. (For each Windows 10 feature upgrade, say, 1809, that baseline — the RTM — will be its initial release.) The small update includes, according to Benson, "the compressed delta from RTM for each file (Forward Delta), and the delta back to RTM (Reverse Delta)."

When the small update is installed — as November's Patch Tuesday security update, for instance — it first applies the Reverse Delta to take Windows 10 back to 1809's RTM, then applies the Forward Delta to take 1809 RTM to the new status (in this case, November's). That back-then-forward model has advantages, Benson argued.

"Since all the content is in the package itself, no server negotiation is needed," Benson wrote in his comment. "Because it only has a single baseline (from RTM) it will sometimes be larger than an express update for someone that was on the previous months patch [but] the size difference should be minimal. And without the server negotiation and on-device analysis, it uses less CPU during download and install."

Some seemed skeptical. "The back and forth patching sounds crazy," opined another commenter, Klaus Salger. "[But] great solution if that works reliable and fast."

"It's definitely a new approach," chimed in Chris Goettl, product manager with client security and management vendor Ivanti, when asked what he thought of Microsoft's back-then-forward delta model.

Before Microsoft's announcement, Goettl said, Ivanti and the Redmond, Wash. developer had conversations about Windows 10's update size, specifically the express updates, which were what Microsoft wanted third-party patch management vendors to use. But express updates' size, as well as bandwidth and other requirements, were, argued Ivanti, prohibitive. "[Express updates came with a] very high cost at the back end," Goettl said. "You were getting smaller front-end costs, but back end costs were high."

Goettl wasn't clear how Microsoft accounted for those costs in the new update format. "How did they bury all those costs? The new update is smaller than any of the three models on the back end, and smaller than all but one on the front end," Goettl noted. "They had to pay for that cost somewhere."

Because Microsoft has not yet issued one of the small updates, or shared an example with Ivanti, Goettl said he was unable to evaluate Microsoft's new approach. "We're cautiously optimistic, but we want to see one on a machine and understand the mechanics better," he said.

Microsoft's Benson provided only a few clues as to the update's inner workings. "It does this [reverse-delta-to-RTM, then forward-delta-from-RTM] in a [single] transaction so there is no possibility of your device being stuck in the middle somewhere — either the full update succeeds or does not," Benson said.

He also spelled out why the small update format would be available only to Windows 10 1809 and later and would not be back-ported to earlier versions, such as 1803, 1709 and so on. "To make this change, there were modifications needed in both the package format itself, and in the update stack on the client," Benson said. "Making those types of changes to older versions of the OS would be risky (the update stack is absolutely critical). With a new version of the OS, we have [had] many months of both internal testing as well as Windows Insider previews that we can use to validate the changes at scale and reduce risk."