Keeping software up to date is an essential task for IT admins, especially when it involves security and stability. Many admins rely on our Citrix Virtual Apps and Desktops product line to deliver mission-critical business systems and have long-lived environments with strict change controls.

To support these environments, it’s important to keep the underlying software infrastructure — Microsoft client and server operating systems, as well as support software like databases — up to date. Let’s take a quick look at Microsoft’s release cycle, including the types of updates delivered, and how you can learn more about Citrix’s validation of these updates.

The Microsoft Release Cycle

Microsoft has a well-defined release cycle for its security updates. Tuesdays are big days for Microsoft updates, and each Tuesday is assigned its own letter (the first Tuesday of the month is “A,” the second Tuesday is “B,” and so on). Microsoft delivers its mandatory security updates, known as B patches, on the second Tuesday every month, or “Update Tuesday.” Other fixes, which are generally optional, non-security updates, come with A, C, or D releases and often serve as a preview for the next month’s B patches, which are mandatory. If a security fix is critical and should be applied right away, Microsoft will release an out-of-band patch.

For Windows 7/Server 2008 R2 and Windows 8.1/Server 2012 R2 families, there are two types of updates:

  • Security-only: These updates contain the security fixes for the month. Only customers using Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM) can leverage these updates.
  • Monthly Rollup: These updates contain the security fixes, along with reliability improvements. For Windows 10, patches are always in the form of rollups.

Citrix Validation

The Citrix Interoperability Validation page is your one-stop shop for our monthly Microsoft security patch validation reports. We validate Microsoft’s security updates with both the latest Current Release of Citrix Virtual Apps and Desktops, as well as the Long-Term Service Release, and we publish a regular security patch validation report with our findings.

The validation report typically comes later during the “B week” of Microsoft operating system patches. The Citrix Interoperability Validation page also has links to other “Known Issues” articles that are related to the compatibility of Citrix products with other software.

Citrix admins should use this report to identify any known issues and test them in their own environments before deploying updates in their Citrix environments. And make sure to check out Microsoft’s Security Update Guide to find information on security updates from Microsoft, including details on severity, impact, and more.