What is a ZDP, and what’s so Z about it?

You may see an occasional mention of the acronym ZDP, such as this article explaining what OOBE ZDP are for, and this one that says, "I don't know why..."

ZDP stands for "Zero Day Package", sometimes redundantly called a "ZDP Package". However, this is not using the term Zero Day in the security vulnerability sense. Rather, it's referring to day number zero: The first day the product is available to the public. The Zero Day Package is a Windows Update package that is made available on launch day. These patches are reserved for addressing serious functionality issues in important scenarios. For example, if there's a fix for a crash in a commonly-used scenario, that's a candidate for a Zero Day Package.

Note, however, that even though the package is available on Day Zero, it won't be installed on Day Zero. Windows Update will download the package and stage it for installation, but it won't install it right away. It'll wait a few days (I forget exactly how many) before starting to encourage you to update. The theory is that you get a few days of playing around with the new system before you start getting nagged about updates.

This artificial delay before installing the ZDP means that the official release version of Windows needs to be solid enough to survive a week without any help. If you have a problem that is super-critical that cannot wait a week, then you need to get your fix into the OOBE ZDP.

OOBE (pronounced /oo-bee/) stands for "Out of Box Experience". It's the program that runs when you turn the computer on for the very first time after you take it out of the box. OOBE doesn't have the luxury of taking a fix in a ZDP, because by the time the user signs in and installs the ZDP, it's too late. OOBE is already over! OOBE needs to run right the first time. No second chances, no patches.

Okay, back to the OOBE ZDP. The term OOBE ZDP does not mean "The ZDP to fix OOBE bugs." Rather, it means "The ZDP that is installed by OOBE."

The OOBE ZDP is a special ZDP that is downloaded and installed at the end of OOBE, part of the "Please wait while we apply the finishing touches" phase. Since the user is sitting there waiting anxiously to start using the computer they just got for Christmas, the OOBE ZDP needs to be small, so only the most critical fixes go there.

Update: See corrections from Michael Ratanapintha below. Thanks, Michael!

Comments (19)
  1. French Guy says:

    sometimes redundantly called a “ZDP Package”

    Somewhat like an “ATM Machine” (which I’ve come across recently while watching a series), given that ATM means Automatic Teller Machine.

    1. Damien says:

      Generally referred to as RAS Syndrome or PNS Syndrome.

    2. Neil says:

      Ah yes, that device into which you enter your PIN Number of course.

      1. Sam Steele says:

        In NZ, one can do so at the ASB Bank.

        1. Geoff says:

          And in Canada, the RBC Bank (or Royal Bank of Canada Bank).

    3. smf says:

      It’s only redundant if there is enough context. The problem with TLA’s is collisions.


      ATM Machine gives you enough context without saying “Automatic Teller”.
      PIN Number gives you enough context without saying “Personal Identification”.

      English allows for consecutive repeated words, so I don’t see why it wouldn’t allow an acronym to be followed by the last word of the acronym. I personally think it sounds better.

      “There was no preexisting core of expertise within the NATO organisation on peacekeeping issues”.
      “There was no preexisting core of expertise within NATO on peacekeeping issues”.

      If you don’t know what NATO is then the former at least gives you an indication it’s an organisation, googling for NATO organisation is more likely to end up with the right result. Otherwise you may end up at the https://en.wikipedia.org/wiki/National_Association_of_Theatre_Owners

  2. skSdnW says:

    So in other words, OOBE asks Windows Update for just the high-priority ZDPs.

    And if the machine is not connected to the internet during OOBE, are the OOBE ZDPs treated as normal ZDPs or do they get installed as soon as you connect?

  3. I helped build the feature to download and install the OOBE ZDP in Windows 8.1. Having been there, I have some minor quibbles in terminology.

    First, the P in ZDP did not stand for “Package.” It may do so now through usage, but in the original specs, the P was for “Priority,” as in “Zero Day Priority update.” We often talked about the “ZDP update” in the Windows Update team; unlike “ZDP package” in your definition, this was no redundancy.

    Second, while I think the User Experience team folks who built the OOBE part of the feature called the update installed by OOBE the “OOBE ZDP update,” our custom in Windows Update was just to call it the “ZDP update.” The update that is available on Windows’ release day, but _not_ installed by OOBE, was called the “General Availability update,” or “GA update,” not the ZDP update or ZDP. And of course this update existed for Windows versions prior 8.1, when the OOBE ZDP was introduced.

    These definitions by me are probably about 2 years out of date, but they were correct then as I remember it.

    Besides those minor definition issues, the discussion seems 100% right. No complaints there…

    > And if the machine is not connected to the internet during OOBE, are the OOBE ZDPs treated as normal ZDPs or do they get installed as soon as you connect?

    My memory is fuzzy on what happens if the computer starts OOBE disconnected but then gets the network cable plugged in/connected to the wireless network during OOBE.

    But if the computer is disconnected throughout all of OOBE, then the OOBE ZDP update is downloaded and installed automatically during normal computer usage, but may still be installed faster than other updates.

    This is because OOBE ZDP updates are published in a special update category within the Windows Update system. (You can see this category in the WSUS list in the first linked blog.) This category makes OOBE ZDP updates, at least in Windows 8.1, eligible for “accelerated install” – download and install during the first 24 hours after OOBE completes, during which time automatically downloading and installing other updates is suspended to reduce the frequency and length of reboots when you are first using the computer.

    1. (Just to be clear, my discussion of “accelerated install” only applies to Windows 8.1, and not necessarily to Windows 10 or future Windows versions.)

  4. Dmitry Onoshko says:

    > This artificial delay before installing the ZDP means that the official release version of Windows needs to be solid enough to survive a week without any help.

    Call me whatever you like, but I really miss the good old days when the official release version of Windows needed to be solid enough to survive… like… forever?..

    1. ChDF T says:

      That would result in much less new features, since every feature you add or change is one that could potentially fail. Nice-to-haves like virtual desktops would not make it over the then much higher hurdle.

    2. IanBoyd says:

      It’s safe to say there was never a say when the release-day version of Windows was solid enough to last forever.

      It just meant that bugs were not fix – because it was the days when people did not have Internet access. If you were ambitious, you could go to http://ftp.microsoft.com and download a service pack. I still have the box with the twenty-some-off 3.5″ floppies of Windows NT 3.5 in my closet. But it has bugs that would today would be classified as critical.

      1. Jolyon Direnko-Smith says:

        OS released with bugs that these days would be classified as “critical” and yet “mission critical” systems were successfully built and deployed on top of said systems.

        Makes one wonder exactly what “critical” means and whether we haven’t just gotten a little bit soft in the intervening years. :)

        1. Yuri Khan says:

          Many bugs that we today classify as critical are very successfully mitigated by the absence of any network connection.

          1. Neil says:

            Didn’t you also have to remove the floppy drive to meet C2 compliance, or am I misremembering?

        2. Klimax says:

          Maybe something about dozens of developer-years, millions in coss and totally forzen and unmovable codebase with very little featores or user-friendliness running for decades after manufacture supported system on extremly outdated hardware.

          And still with load of bugs and missing features (either old promised or new wanted by users). And cost of maintenance continually rising…

      2. Dmitry Onoshko says:

        Let me say that, in fact, we didn’t get anything but yet another level of UX complexity by nagging a user with requests to update (or just updating silently, like some version of a well-known S-something-E messenger used to do).

        In those days one wouldn’t update if (s)he didn’t want/feel the need to, now they still ignore the requests, but the experience became more annoying. Maybe some statistics lie^Wshow that the new way to force updates made our world safer, I can’t believe it is true: from what I can see, those who do update at least weekly would do it even if it meant downloading (or buying a disc with already downloaded) a service pack manually or “offline”. But the rest, those who are in the group of the biggest risk, just cancel it. Because it’s annoying. Because it takes “too long”.

        I even saw notebook owners who thought their notebooks were broken. Why? Because Windows got stuck updating itself for a few hours. I also had a few “chances” to update Windows on a brand new notebook the whole night with about 300-400 updates. Installing service packs took much less time.

        What I try to say is that the way updates are delivered nowadays don’t really solve any of the problems of past days. Maybe just hides some of them. People still use slow and expensive Internet connections (hello, 3G Internet in a country-side house far from towns and cities!), still need to do their work no matter how important and critical the update is. People are still lazy. It’s not the way it should be done. What is “the right way”? I don’t know either. But was it worth changing anything? Not for me.

    3. Ivan K says:

      I still think that every programmer only releases code that he or she thinks is not only defensible, but good. Despite this, humanity still sent probes to Mars and to Jupiter’s moon with bugs. Meh. It’s a learning experience, and the more people and complexity involved the better.

  5. cheong00 says:

    Humm… I’d imagine that if those ZDP exists and internet connection is available when the product installer is launched, those patches should have had slipstreamed into the update process, much like when I install the VS IDE updates. (The installer will also download other updates applicable and try to install them in one go in order to reduce the number of reboot involved.)

Comments are closed.

Skip to main content