EDIT: Updated on 3/6/2018
Updates to Cumulative Update Messaging and Guidance:
Over the years, as we released CUs (Cumulative Updates), you have become familiar with a certain type of deterrent messaging around those updates. Examples like the below messages often lead DBA’s to plan for a deployment of a certain CU, only if and when they hit an issue.
- “This cumulative package is intended to correct only the problems that are described in this article. Apply it only to systems that are experiencing these specific problems.”
- “A supported cumulative update package is now available from Microsoft. However, it is intended to correct only the problems that are described in this article.”
By then, the system may already be experiencing performance degradation or even service disruption in some cases. This results in a poor experience with SQL Server, where DBA’s face unnerving times to restore service to its optimal state as soon as possible, often by enlisting the assistance of Microsoft CSS (Customer Support Services).
As of January 2016 CU (Cumulative Update) releases, these caution messages have been updated. We now recommend ongoing, proactive installation of CU’s as they become available. You should plan to install a CU with the same level of confidence you plan to install SP’s (Service Packs) as they are released. This is because CU’s are certified and tested to the level of SP’s. Also, Microsoft CSS data indicates that a significant percentage of customer issues are often previously addressed in a released CU, but not applied proactively. More so, CU’s contain added value over and above hotfixes. These also may contain supportability, logging, and reliability updates enhancing the overall experience.
In addition to messaging and guidance updates, we have made updates to the CU acquisition model.
Acquisition changes:
- CU’s, of course, have traditionally been made available on the “Hotfix” server (accompanied by the “cautionary language” associated with a ‘QFE’ or ‘Hotfix’). The inconsistency here is that CU’s are not really simple quick hotfixes anymore. The encompassed updates are well tested at individual as well as full system integration levels today.
- Therefore, we now place the latest CU per mainstream supported baseline on Download Center, just as is done for Service Packs.
- Additionally, all CU’s are placed into the Windows Update Catalog, WSUS, and offered as an optional Microsoft Update to facilitate acquisition and distribution.
- On Demand hotfixes are also now placed on the Download Center as well, with CSS providing individual links to customers requesting the hotfix. All hotfixes continue to roll into the next scheduled CU.
- To reduce friction, downloading CU’s from the microsoft.com/downloads will not require providing/receiving an email and URL.
EXAMPLE: When SQL Server 2014 SP1 ‘CU9’ is released, CU9 will replace ‘CU8’ on the download center as the latest CU for 2014 SP1. Adding to the example, while an individual issue may have been originally addressed in ‘CU8’, CU KB’s will always point to the latest CU (on the download center), which will then be CU9. Clicking on the “A fix is available for this issue” link in the CU8 KB would take you to the CU9 (latest) download.
Note: CU’s released prior to January 2016 are only available for download from the hotfix sever.
We hope these changes will drive more proactive, informed, confident, and simplified CU adoption. Updates reflecting this change to various MSDN and Knowledge Base articles are rolling out now.
SQL Server Tiger Team
Hi,
Does the latest CU include changes from all previous CUs? For example, if I install CU9, does it include all changes from CU1 through CU8 as well? Or do I need to install each CU individually? Does this behave like Service Packs where if I install SP3, I do not need to install SP1 and SP2 as SP3 includes changes in SP1 and SP2.
Thanks.
Hi Mirza,
Yes, A CU will include all previous CU updates for the same branch, meaning Cumulative Update #11 for SQL Server 2012 SP2 contains all CU updates since SP2, Cumulative Update #2 for SQL Server 2012 SP3 contains all CU updates since SP3, and so on and so forth.
Is it now true that newer SQL Server hotfix KB includes all the hotfixes released before.
For instance, does KB3098860 include KB3033860 for SQL Server 2008 R2 SP3?
Is it now true that newer SQL Server hotfix includes all hotfixes released before?
For instance, does KB3098860 include KB3033860 for SQL Server 2008 R2 SP3?
Yes, they would be in KB3098860 which is the TLS 1.2 update for SQL Server.
I’m very happy to read this post today. I’ve felt, for a while now, that CUs should be applied proactively. It’s comforting to know that they are fully tested and that proactive installation has been endorsed as the best practice.
As CU now have the same quality as service pack will you continue to release service packs?
Yes we will. While we are strongly encouraging system admins to install CUs, we also know that many companies have certain processes in place to only install SPs. And until those processes are changed, and confidence increases due to the cessation of “scary”” language around CUs, we have no current plans to drop SPs.
You could always consider getting rid of the “CU” name and start calling them “service packs”. 🙂
@MarcK, my thoughts exactly!
This is great. I’ve been installing CUs fairly proactively, except on specific high-risk targets, like accounting servers. The risk is more to my job than the server, but sometimes every hiccup gets blamed on the last action, and he who enacts the most frequent actions is the most likely to be carrying his own head out on a spike. The warning before made the DBA have no recourse. Now, we can point at you (yep).
Will there be an easy way to download the prior CU, especially right when a new one is released? I know that there have been issues in the past with the latest updates causing issues or introducing issues/behaviors that aren’t in prior updates. Being able to easily get the prior version would be helpful when the CU is just released for those who want to be a little more cautious.
We will soon release/maintain all CUs into the Windows Update Catalog to facilitate acquisition and distribution.
Yes, we will soon release/maintain all CUs into the Windows Update Catalog to facilitate acquisition and distribution.
Is this for all supported versions of SQL? Back to 2008? (presumably not 2005, right?)
SQL Server 2008 and SQL Server 2008 R2 are in extended support and do not receive cumulative updates. This announcement is true for all cumulative updates being released for SQL Server 2012 and above.
Hi,
Would the newly released CUs be a fix for all SQL Server Components viz SSMS, SSAS,SSIS and SSRS? By simply deploying the latest builds are we in anyway risking our SQL Server Environment?
Thanks
As mentioned in the post, we thoroughly test the cumulative updates CU’s are certified and tested to the level of SP’s. You can follow the same process that you use to apply Service Packs and apply Cumulative Updates with the same level of confidence. Cumulative Updates will have a KB article associated with it which will outline the updates/fixes it contains and the components affected by the update. All Cumulative Updates are applicable to database engine, analysis services, reporting services and integration services. Starting from SQL Server 2016, Management Studio is available as a separate download on the Microsoft Download center. For SQL Server 2014 and below, cumulative updates contain fixes for SSMS as well.
Will we be able to download previous CU’s from the download center? Say at some point CU9 was the latest available and installed using the download center and a year the latest CU is CU14 but we need CU9 to be deployed on a test server, will CU9 still be available?
Yes, we will soon release/maintain all CUs into the Windows Update Catalog to facilitate acquisition and distribution.
Will we be able to download previous CU’s from the download center? Say at some point CU9 was the latest available and installed using the download center and a year later the latest CU is CU14 but we need CU9 to be deployed on a test server, will CU9 still be available?
Yes, we will soon release/maintain all CUs into the Windows Update Catalog to facilitate acquisition and distribution.
Hi,
Will a mechanism be put in place to alert us of new CUs as they become available, i.e.: RSS feed and/or email?
This was never an issue with SPs as they arrived so infrequently, but with more regular updates, notifications would be very useful.
Thank you,
Jon Reade.
Thank you for the feedback.
We will continue to publish about the release of the cumulative updates on https://blogs.msdn.microsoft.com/sqlreleaseservices as we do currently. We are also evaluating offering the latest CU as an Optional update on Microsoft Update, just like Service Packs today.
Releasing the CUs on WU is a good idea. If they receive the same testing as SPs, I don’t see why they shouldn’t be treated the same.
What is the difference between a Service Pack and a Cumulative Update? Please explain.
Nuts and bolts-wise, SPs are very similar in that they are a cumulative patch of all previous updates since a baseline. For SPs, that baseline is RTM of course. For CUs, the baseline could be RTM, or a SP, depending on baseline lifecycle. Certification/testing-wise, the comments are correct – there is little difference. SPs obviously get more time for field testing simply due to the nature of the release timeframes. Other functional differences are around branding, licensing, and the provisioning of Slipstream media builds for SPs only.
SP’s are also key to the Microsoft Service Pack lifecycle, as it anchors specific SP releases CU servicing lifecycle. The release of baseline SPs also afford the ability to keep the frequent CU servicing release size and complexity in check. Imagine an RTM CU30 :-).
Hope this helps!
Do you know which WSUS classification the cumulative updates will come under? Will it be Service Packs, Update Rollups, Updates, or Upgrades, or something else?
Thanks
o Classification: Update
o Designation: Optional
In the time I’m very happy with this post today.
Hi,
You state that “Updates reflecting this change to various MSDN and Knowledge Base articles are rolling out now” but when can we actually expect the SQL incremental servicing model documentation (i.e. https://support.microsoft.com/en-us/kb/935897) to be updated to reflect these changes and also so that the model applies to all supported versions of SQL Server (currently this model doesn’t appear to apply to SQL Server 2014) and will it apply to SQL Server 2016?
Thanks,
Hi Mark. Yes, KB935897 is slated for the addition of ISMv2 guidance/language. We prioritized KB/Article updates based on whether or not the document currently contains incorrect/deterrent language. For example, KB articles with the cCU cautionary/deterrent guidance were updated right away. Everything in KB 935897 is technically correct for ISMv2 as it currently sits. We will , however, be adding the new guidance very soon.
Thank you for pointing out the “Applies To” section is missing SQL Server 2014. This is being updated now (along with adding SQL Server 2016 – the same will apply).
I have been noticing that security hotfixes and cumulative updates are the same size download and that the version number updates in the same path between the two. At this point, are security hotfixes still only fixing a specific issue or are they basically another cumulative update?
We release two packages for every security update. Which one is applied depends on whether you have a CU installed or not. If you are on the baseline (say RTM or an SP with no CUs or other hotfixes applied), you only need to apply the security update which is the lower version of the two and this will not have any cumulative update fixes. However, you can also apply the higher version which will bring the instance up-to-date with all CUs and security updates up to that point. If you already have a CU applied, then apply the other security package that includes this CU or a later CU which includes all fixes (security and otherwise). This way whether you are on baseline or not, you can apply the appropriate package.
Thanks,
Ajay.
So once a CU is applied, then it will be the higher version security hotfix (which is a cumulative update). If no CU is ever applied then it would be the lower version security hotfix which is only the security hotfix. Is that correct?
Correct, even if one CU is applied you will need to apply the CU version of the security update which will automatically include all security updates and CUs released to that point. Same thing with security update. They are cumulative within themselves. For example, if we released 3 security updates, you just need to apply the last one and this will automatically include the previous released security updates for that version of the product.
is there an ETA on when the CU will be available on the Windows Update Catalog ?
+1
When can we expect the older CU’s to show up in Windows update? App Vendors test & certify their products on specific branches, e.g. SQL 2012 SP3+CU1 or SQL 2014 SP1+CU5 and in such cases DBA’s are forced to stick to the same version per vendor support agreements.
In such cases, how does one get the older CU? (This does not discount the fact that the latest CU is “cumulative”). .
It’s just a legal/support thingy.
Hi.
We wanted to get the SQL Server 2014 SP1 CU5, I tried to access the following URL.
# Latest version is SP1 CU6. But I want to get the SP1 CU5 for verification
http://catalog.update.microsoft.com/v7/site/Search.aspx?q=SQL+Server
However, the search results and SP1 CU5 Microsoft Update, do not see the other CU.
Or in Microsoft Update, but he released CU was thinking whether become so available until now, should I do in order to get the CU not up-to-date at the moment?
Is a KB of CU5, https: even if the access to http://support.microsoft.com/en-us/kb/3130926, has links to the latest CU is provided, it is not possible to obtain a CU5 It was.
Thanks.
Masayuki is correct.
Whatever was done has disabled access to older CU’s. I was also trying to get 2014 SP1 CU5 and tried on various browsers but the provided link and instructions simply don’t work.
It seems counter productive to make it so difficult to target a specific version to download. Sometimes the simplest fix is best. Put the download link to 2014 SP1 CU5 on it’s KB page.
Please use the link http://catalog.update.microsoft.com/v7/site/Search.aspx?q=SQL%20Server%202014%20
Hi,
Supposed a software product says it supports up to SQL Server 2012 SP1 but MS has already released SP1 CU1. Should I stay on SP1 till the software product is certified to support higher level ?
I would have a discussion with the support team for the product in question to determine if applying a CU would make the product unsupported. An easy scenario where applying a CU would be required, if you need an improvement or a fix which is available in a particular CU.
I have never seen any third party compatibility documentation that listed an SQL CU.
SQL 2016 docs state that we should apply CU on a case by case basis: “On an installed instance of SQL Server 2016, we recommend that you apply the latest security updates and critical updates including General Distribution Releases (GDRs), and Service Packs (SPs). Individual Cumulative updates and security updates should be adopted on a case-by-case, “as-needed” basis.”
As this documentation has been made available after this blog post, I’m bit confused about the path for CU. Proactive or case by case?
Also, how Azure SQL Server VM image are updated and should I expect to have a new image for every CU released?
Thank You
https://msdn.microsoft.com/en-us/library/hh479746.aspx
Thank you for bringing this to our attention Francois. As part of updated guidance to proactively apply CUs as they become available, this articles updates were missed. The article will be updated ASAP to reflect the new guidance that is called out in other documentation.
With regard to SQL Azure images in the Azure SQL gallery, currently images are not refreshed for each CU released. This is, however, under current evaluation and images may be refreshed on a regular basis soon. That does not imply, however, that current VM subscriptions would need to be refreshed every time the gallery is updated. CUs can be applied directly to your VM from the sources described in the MSDN article.
Thanx!
SQL Server Engineering
hi, we are on MS sql server (Microsoft SQL Server 2012 (SP1) – 11.0.3393.0 (X64) and wanted to check if we can directly upgrade to SP3 latest CU patch , if yes would you point me to some doc on how to do it, also do we have to first upgrade to SP3 and then patch to the latest CU or can this be done in one step .
You will need to apply Service Pack 3 and then apply the latest cumulative update.
Hi
Will this affect security hotfixes as well – e.g. will applying a GDR release of a security hotfix introduce plan-affecting changes to the query optimizer or add / remove features ?
Thanks
Any query optimizer fixes are issued under TF 4199 (look for the description in http://aka.ms/traceflags for details), so unless you are already using that, no changes from that perspective.
Hi,
I see for SQL 2016 that SQL RTM CU4 and SP1 CU4 are released on the same dates and same for the next CU’s on both. I was under the impression that once a new service pack has been released , no more CU are released for the Older SP or RTM. Has this changed recently or been in place for long
Hi Sumit,
This has been like this for a long time. We keep releasing CUs for a N-1 SP roughly for 12m after N-1 released (N-1 being RTM or SPx, whichever is the latest).
Can this polify be found on docs.microsoft.com or MSDN/Technet?
This is the official Microsoft blog for SQL Server servicing releases. You can use the information you find here as reference.
Can this policy be found on docs.ms or Technet/MSDN?
Thanks
Bernd
Hi Bernd, yes, you can find it at KB 935897.