Last year was difficult for Microsoft, its customers, and systems administrators who maintain Windows-based enterprises. Thanks to unprecedented digital attacks from worms and viruses such as MSBlaster and SoBig.F, Windows users had more security concerns to worry about in 2003 than ever before. Although Microsoft won't release the next Windows XP update, XP Service Pack 2 (SP2), until mid-2004, the company decided to address some customer demands by releasing an interim bug fix rollup called Update Rollup 1 for Microsoft Windows XP. Here's what you need to know about Update Rollup .

Why Release a Bug Fix Rollup?
In the wake of MSBlaster and SoBig.F, grumbling from Microsoft's enterprise customers finally reached the ears of company executives, who had been preaching a "stay the course" strategy. Although the company refused to reconsider its XP SP2 delivery schedule, it did strike a compromise—a rollup package that comes in two versions: one with all the fixes the company has delivered since it released XP in late 2001 and one for XP SP1, which arrived in late 2002.

Customers have several concerns about updating their XP systems, only some of which Update Rollup 1 satisfies. First, customers complain that Microsoft releases patches too frequently, making it difficult to keep systems up-to-date. Many customers wait for milestone service pack releases so that they can obtain multiple security fixes in one release. But given that XP SP2 won't happen until at least 18 months after SP1, customers have been asking for a way to bulk-install critical security updates. Update Rollup 1 is the company's answer.

Second, consumers who buy XP retail or obtain the OS with a new PC are stuck with a version that's several months old. Consumers report having to install up to 100MB of updates from Windows Update as soon as they turn on their new PC. Update Rollup 1 only partially alleviates this problem (it includes only critical security fixes—it doesn't include the majority of updates Microsoft makes available on Windows Update) and only if Microsoft provides the release to PC makers.

What You Get
Update Rollup 1 includes all 22 critical security fixes that Microsoft has issued since releasing XP in October 2001. Users can install the package in one shot, and enterprises can slipstream the package into an XP installation share to ensure that new system setups are up-to-date, securitywise, the moment they're installed. Microsoft has also issued a smaller version of the rollup package that includes just the updates released since XP SP1. For individuals, an express version of the rollup package will install only those fixes that aren't already installed on the user's system.

Recommendations
Update Rollup 1 didn't receive the same amount of testing that a typical service pack would, which might give some administrators pause. However, all the updates in the rollup have been extensively tested in the real world already, so the rollup is an acceptable risk for all but the most stringently controlled environments. For individuals, and I hope for PC makers, Update Rollup 1 is a no-brainer.