Known Issue Rollback is Microsoft's latest weapon against Windows update bugs

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Known Issue Rollback is a fairly new capability of Microsoft's Windows 10 operating system that is designed as a tool to react to emerging bugs quickly that are introduced by updates.

There is always a chance that issues are introduced when regular updates or feature updates for Windows are installed. Some updates introduce major issues, such as boot problems or data loss, while others may introduce less serious issues. Most issues affect only part of the entire Windows population, and some needed to be throttled, stopped, or even pulled by Microsoft to fix issues.

Up until now, it was required to install another update to resolve a issue, or to uninstall the update that introduced it. Microsoft publishes workarounds for some issues, but not for all, and not directly after discovery, usually.

Known Issue Rollback was designed as a fast less disruptive alternative. Microsoft notes that about 80% of all fixes for Windows 10 version 2004 or later include Known Issue Rollback functionality already. The feature is only used with non-security fixes. Microsoft explains that updates retain the code when Known Issue Rollback is being used, and since it is "typically more vulnerable or exploitable", the feature is not used with security fixes currently.
Microsoft describes the purpose of Known Issue Rollback in the following way:
Known Issue Rollback is an important Windows servicing improvement to support non-security bug fixes, enabling us to quickly revert a single, targeted fix to a previously released behavior if a critical regression is discovered.
known issue rollback windows
The main idea is simple: assign IDs to individual fixes and updates, and disable these if they are known to cause issues. A single Windows update may contain several bug fixes, and some or all of them may support Known Issue Rollback.

Microsoft uses Windows Update or Windows Update for Business for that, and informs the service running on Windows devices about a rollback. The change is applied automatically on the user side and live after the next restart, all without uninstalling an update or installing a patch.

Some rollbacks are released before updates reach all user devices. While the patch in question will still be installed, the part of it that is causing the issue is disabled and therefore not causing the issue on the device.

Rollback scenarios change for Enterprise devices. Microsoft issues specific Group Policy on the Download Center for a rollback, and system administrators may configure and apply a policy to get the code rolled back on managed devices.

Known Issue Rollback configurations have a limited lifespan, usually a few months at the most, according to Microsoft. Most issues get fixed in the time period, and when that happens, the fix is re-issued.

Closing Words​

Known Issue Rollback may prevent bugs on the majority of Windows devices, if Microsoft reacts quickly and uses a rollback before a particular update is installed on the majority of devices. In an example given, Microsoft states that it reacted to an issue after an update was installed on 170,000 devices, and that the use of Known Issue Rollback blocked the issue from appearing on hundreds of million devices.

Windows users who want to remain in control may disable or delay the installation of Windows Updates, but they have done so already, likely.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top