For the last few years, Microsoft has been progressively reducing the size of the download for the monthly Patch Tuesday update. That means savings for Microsoft on the storage and network bandwidth needed to distribute patches and it means smaller, faster downloads for users who may be working from home on slow broadband (or not wanting to use up as much of their monthly data allowance on LTE-connected laptops).
SEE: Windows 11: Tips on installation, security and more (free PDF) (TechRepublic)
If you’re working from home, your broadband connection might be fast—but if your PC is managed and you need to get updates over a corporate VPN, smaller updates reduce the traffic on an often overloaded network.
With Windows 11, update packages are 40% smaller than for Windows 10. That’s not because there isn’t much to update on a new OS (Windows 11 is really a feature update for Windows 10) but because the updates are packaged differently.
Accumulating different updates
Back in 2018, Microsoft made the monthly package of Windows updates smaller by changing how cumulative updates worked. Updates change system files that get security improvements or new features; instead of getting a whole new copy of the file, you just get a delta or “differential”—what changes in the file.
SEE: Windows 11 cheat sheet: Everything you need to know (free PDF) (TechRepublic)
Before version 1809 of Windows 10, Express cumulative updates included all the changes made to a system file since the last major release of Windows, in case you’d skipped a month of updates somewhere along the way. So for Windows 10 1803, released in May 2018, the August update included a differential to go from the original version of each file to the August update, but also differentials to upgrade from the June and July updates. The updates got larger every month until a new Windows version was released.
If you were downloading updates directly from the Windows Update service that Microsoft runs, your PC would just get the specific files it needed; that was called an Express update. If your organization uses tools like the Windows Server Update Service to manage updates, your PC would still get just the files it needs but the IT team had to download and store the Patch Storage File (PSF for short) with the full set of cumulative changes somewhere before they could deliver that kind of on-demand update, so many didn’t bother.
From 1809 onward, what downloaded in each monthly update package was the delta to revert the system file to the way it was in the original release and another delta to update it to the latest version of the file, with all the old and new patches in.
Microsoft calls these forward and reverse differentials, and the download is about 10 times smaller than a file that has all the cumulative updates in. But you’ve still got two patches for each file—one to undo previous updates and one to deliver the latest update. That’s twice as much content in the update as you really need because you’re getting a copy of what needs to get added to the file as well as what got deleted each time to take you back.
In Windows 11, you no longer get the reverse differential in the package, so it’s smaller to download. Instead, your PC watches the instructions that run to apply the forward update and works out from them what the instructions would be to take the file back to its previous state. That’s not as straightforward as you might think because making a single change to the assembly code can mean changing the addresses of tens of thousands of function calls. The MSDelta algorithm Microsoft uses for the differentials understands how Windows works and remaps those addresses automatically so it doesn’t have to store all those changes.
It also adds any extra information it needs to apply the instructions in reverse, making the calculated reverse differential about as efficient as one that was programmed and included in the update package. That means you’re not trading a smaller update download for having your PC do more work in the background just to prepare for a future update.
As with the old Express updates, Windows 11 downloads only the files it needs each time, so if you take updates every month, your PC won’t download the parts of the cumulative update that are needed on PCs that update less often, making the download even smaller. When the 22000.132 update for Windows 11 came out, if you were updating from build 22000.1, you would also need to download the changes included in the 22000.120 update—which changed more files than the 22000.132 update did. If you hadn’t done the first update, the second update was something like 159MB to download; if you had done the first update, the second download was nearly a third smaller, at around 112MB.
It’s not clear whether there’s any technical reason Windows 10 updates couldn’t be slimmed down in the same way by adding the code to watch updates installing, create the reverse differential on your PC for each update and save that to use with the next month’s update. Microsoft tells us “they do not have anything to share at this time” about that possibility.
SEE: How to install Windows 11 on older, unsupported PCs (TechRepublic)
Combining and slimming down updates
If you’re using WSUS to manage updates (on any version of Windows), the Scan Cab that contains metadata for security updates (so you can scan Windows PCs to see if they need to install any security updates without connecting to Windows Update) is also getting smaller.
Over time, the CAB file has grown to be so large it’s hard to distribute, so Microsoft is pruning metadata for older security updates. From March 2022, the smaller CAB file will be the only option, but you can start using it now.
There are also some Windows 11-specific changes for organizations that use WSUS and the Microsoft Update Catalog.
Earlier this year, Microsoft started distributing updates to Windows in the same package as updates to the servicing stack that applies the monthly cumulative updates to Windows (known as Latest Cumulative Updates or LCUs). Previously, admins had to know whether a monthly LCU needed a matching servicing stack update, know which was the correct servicing stack update and know whether they could apply both updates at once or if they needed to send the servicing stack update first—things Windows Update takes care of for commercial devices. As of September 2021, WSUS also gets combined updates for Windows 10 1809 and Windows Server 2019 onward).
In Windows 11, that combined cumulative update now uses the Unified Update Platform and the same orchestration engine (known as the UUP update agent) as Windows Update and Windows Update for Business, even though you’re still using WSUS and the Microsoft Update Catalog. This is a newer and more reliable servicing stack that could deliver different kinds of servicing packages in the future.
It also means the updates delivered by WSUS will be smaller and take up less network bandwidth, because instead of a single CAB file in each update package, there’s both a cumulative update CAB and a PSF with the differentials in, so the update stack can go through the list and download only the parts of the update that PC needs.
If you’re used to grabbing the CAB file out of the MSU update package and distributing it in some other way, that will no longer work, so you may need to change some of your scripts and automations.