We all get confused by some of the non-specific information Microsoft puts out on the knowledge base when it comes to documenting patches issued through its Windows Update service. Sometimes the generalisations made on security fixes for privately reported vulnerabilities are made on purpose. This is to keep some integrity on the actually attack vector patched or so that particular technical detail is not published to the wild.
On March 27th 2015, there was no exception to the rule, although for slightly different reasons this time. This update Microsoft issued was classified as an “optional update” for Windows 7 SP1 systems and a “required update” for Windows 8.1 systems. The knowledge base reference given to this update was KB3035583, with the title “Update enables additional capabilities for Windows Update notifications in Windows 8.1 and Windows 7 SP1 “. Some may have wondered what this actually was for? Maybe this might be more of interest to Windows Insider program members; but in fact this update is the first sign that Windows 10 is on schedule to ship to your PC very soon.
Now we know from the last major press conference Microsoft held back in February updating us on the Windows 10 roadmap and what was coming in the next cycle of updates to Windows Insiders testing the technical preview builds; was that Windows 10 would be shipping free to all Windows 7, and Window 8.1 customers, later in the year. As per normal release cycles Windows typically RTM’s during the July-August period of the calendar year if you are a partner or VL customer, and retail customers generally get access in the September/October periods. This is looking to stay true again for Windows 10 this year.
So why is this relevant to KB3035583? Well after inspecting the files listed in the KB article that are being installed I was curious as to what they were for. Turns out the main application executable issued in this update – GWX.exe actually turns out to refer to “Get Windows 10”. It would seem that Microsoft have developed a new “plug-in” for the existing Windows Update service on your PC to prepare it for this new operating system upgrade.
Microsoft learnt a lot from deploying the Windows 8.1 update free to all existing Windows 8 customers; for the most part the upgrade went smooth for a majority of customers; this was a full O.S deployed over-the-air. As impressive as that might have seemed, Windows 10 shipped over-the-air on the other hand is another beast and honestly will be the largest automated software deployment ever done by any vendor. Apple have done OSX upgrades over the internet for some time now, although the target base is nowhere near the scale Microsoft will be looking at. Windows 7 and 8.1 equate to almost 69% of the entire desktop operating system market as of March this year. That’s a lot of systems that will receive this update. Now the actual deployment target will fall short of that statistic as Microsoft have already stated that systems with an enterprise SKU installed will not automatically receive the update, nor will domain-joined systems by default. This might bring some piece of mind to system admins out there that could be reading this wondering how big their corporate internet pipe will need to be to deal with everyone getting the update at same time (shouldn’t happen if you’re using WSUS in your environment) but all the same – don’t worry you will be able to deploy at your own pace.
Looking slightly deeper into the files added after KB3035583 I did however find in the Config.xml file some parameters that seemed to flag the two conditions which will ignore the automated update;
I guess we will wait and see if further detail is made available at a later date for some management options regarding these configuration files to change the default behaviour. It would look to suggest this might be the case. If I see a TechNet article pop up, will be sure to post an update here to let you know.
Finally to wrap up this rather long post, the other notes taken from this update are that it would seem the add-in has been designed to make sure multiple phases are managed and controlled. You might notice in the coming months a specially crafted pop-up letting you know that “Windows 10 is coming soon”, and no you don’t have malware – this is just Microsoft un-presciently teasing you in a way never seen before. From that point you will get some further prompts when a download is ready and so-forth. When all this will begin is still hard to say. The only other change I noticed the update made was injecting some tasks into the Task Scheduler. See the below screen shot as example of what you will find on your system after KB3035583. This indicates that almost daily the system will be refreshing configuration and content from a web service endpoint looking to see if any new commands are ready to be deployed to the PC.