Decoding Windows Updates: Patch Tuesday, Previews & OOB

Windows has a variety of version numbers and update types that can be confusing at first. Let’s break down what those Windows 10 and Windows 11 build numbers mean, and then discuss the different patch/update types Microsoft releases, along with why the famous “Patch Tuesday” updates are recommended for production environments. This post will focus on Windows 10 LTSC 2021 as an example, but the concepts apply to other versions of Windows 10 and 11 as well.

Windows 10 & 11 Versions and Build Numbers

Microsoft labels Windows 10 releases by year and part of year (since 20H2). For example, Windows 10 version 20H2 (released in the second half of 2020, also called the October 2020 Update) corresponds to OS build 19042. Similarly, Windows 10 version 21H2 (second half of 2021, November 2021 Update) is build 19044. The final Windows 10 release, version 22H2 (2022 Update), is build 19045. You might also encounter Windows 10 LTSC 2021, which is an Enterprise Long-Term Servicing Channel edition based on version 21H2 – it uses the same core build 19044, but is intended for special use cases with extended support (Windows 10 LTSC 2021 is supported until January 2027). LTSC editions don’t receive feature updates every year; instead, they stick with one build and get security fixes for many years, making them very stable for mission-critical systems.

Windows 11 uses a similar naming scheme for its major versions. The original Windows 11 release (21H2, October 2021) was codenamed “Sun Valley” and is build 22000. The first big update, Windows 11 version 22H2 (2022 Update) , is build 22621 (often nicknamed “Sun Valley 2”). Microsoft has continued with this pattern (e.g. a 23H2 update was later released as a minor enablement of 22H2), but the key point is that Windows 11 build numbers start in the 22000+ range (unlike Windows 10’s 10000-range builds). (Note: “Windows 11 S” refers to S Mode​ , a locked-down mode of Windows, but it’s not a separate build – it uses the same version builds mentioned above. S Mode is more of a configuration and doesn’t affect the update types we discuss below.)

Also, keep in mind the difference between feature updates and quality updates (patches) . A feature update is when Windows jumps to a new version/build (like upgrading from 20H2 to 21H2 or from Windows 10 to Windows 11) – these are released infrequently (Windows 10 moved to an annual feature update cadence, and Windows 11 also gets occasional feature updates). In contrast, quality updates are the monthly patches that improve security and fix bugs on your current version. Quality updates do not typically change your Windows version string or build drastically (they increment the build revision). Microsoft services feature updates via the General Availability Channel and then keeps each release updated with monthly quality patches for a set period. In this post, we’re mostly talking about those monthly patches (quality updates), as they are the “Patch Tuesday” and other updates that keep your Windows installation secure and up-to-date between feature releases.

Types of Windows patches

Microsoft releases a few different kinds of updates for Windows 10/11 on a regular basis. Here’s a quick overview of the patch types and what they mean, so you know what to expect each month:

• Monthly Security Update (“Patch Tuesday” release): This is the famous Patch Tuesday update, released on the second Tuesday of each month (also called the “B release” ). These updates are cumulative, mandatory, and focus on security fixes (while also including other stability fixes). In fact, each Patch Tuesday cumulative update includes all new security fixes for that month plus any fixes from the previous month’s preview update. Because they are cumulative, installing the latest one brings your system up to date with all prior patches. Microsoft considers these updates critical – they’re pushed via Windows Update and other official channels to all systems, and Microsoft notes that “monthly security updates are mandatory” through the standard update services. For most users and organizations, Patch Tuesday is the key update to apply regularly to stay secure and compliant. These updates are generally well-tested and reliable for production environments, since they go through extensive validation. (People often use terms like “Latest Cumulative Update (LCU)” , “B release” , or “quality update” to refer to Patch Tuesday updates – all of these basically mean the official cumulative patch released on Update Tuesday.)
• Optional “C”/“D” Release (Preview Update): In most months, Microsoft also offers an optional preview update later in the month (historically in the third or fourth week, hence the old “C release” or “D release” naming based on week). Microsoft now simply calls these “optional non-security preview” releases. These updates typically do not include new security fixes; instead, they contain fixes for general bugs and sometimes enable new features or improvements that are planned to be rolled into the next month’s Patch Tuesday. In other words, the preview gives you a sneak peek of the fixes and features that will come in the following Patch Tuesday. Importantly, preview updates are optional – Windows will not install them automatically unless you manually choose to download them (for example, by clicking “Check for updates” and then selecting the optional update). They are considered production-quality by Microsoft and can be useful if you are affected by a specific issue that the preview fixes, or if you want to test upcoming changes early. However, because these updates don’t address security and aren’t broadly pushed out, many users (and IT admins) elect to skip the previews on critical machines and just wait for the next Patch Tuesday. This is generally a good practice in production environments – while preview updates are tested, they haven’t been through the full deployment cycle, so there is a slightly higher chance of some undiscovered quirk. Essentially, the preview is there if you need it, but if your systems are stable, you can let it be and get those fixes automatically in the next mandatory update. (Microsoft even recommends that enterprise admins use the preview updates for testing on a few machines to catch any issues early, but then roll out the standard Patch Tuesday broadly. For everyday users, it’s fine to ignore previews unless you’re keen to try a new feature early or require a particular fix.)
• Out-of-Band Update (OOB): These are unscheduled emergency updates that Microsoft releases outside the normal monthly cadence. An out-of-band update might be issued, for example, to patch a critical security vulnerability or a serious bug immediately, rather than waiting for the next Patch Tuesday. OOB updates are relatively rare and only used in high-urgency situations. Like the regular updates, they are cumulative (they include the latest fixes up to that point). If an OOB patch is released, you’d typically want to apply it as soon as possible, since it’s usually addressing something quite important (e.g. a widespread zero-day exploit). Microsoft will document the reason for an out-of-band release in its bulletins. For most users, you’ll only encounter an OOB update if something major needed an urgent fix (otherwise, everything waits for the scheduled Tuesday releases).

In summary, Microsoft’s update cycle for Windows 10/11 usually means a monthly rhythm: a Patch Tuesday cumulative update in the second week (with all the crucial fixes), and possibly a preview update later in the month for those who want to test upcoming fixes. All these updates are cumulative, so if you skip a preview, it’s not a problem – the next Patch Tuesday will include those improvements anyway. For a production environment, the generally recommended approach is to apply the Patch Tuesday (B release) updates promptly each month, since they’re the most critical (and mandated) updates. Microsoft explicitly recommends installing security updates “as soon as possible” to stay protected. In contrast, you might hold off on optional previews on production machines unless you have a specific need, because any benefit they provide will come through the pipeline later. This conservative approach (patching monthly, testing previews sparingly) keeps your systems stable and secure. Prioritize the well-tested Patch Tuesday updates, and only use previews for early testing or urgent fixes.

Why Patch Tuesday for production? In one line: because Patch Tuesday updates are reliable, comprehensive, and necessary for security. They undergo thorough testing and include all the latest security patches, which makes them the safest choice to keep systems up-to-date. By contrast, preview updates, while useful, are optional and don’t include new security fixes – they are there for early access to bug fixes or features and to gather feedback before those changes go mainstream. From a risk management perspective, a business will prefer the known quantity of Patch Tuesday updates (which are supported through all official channels and are mandatory installs). This doesn’t mean Patch Tuesday updates are perfect – occasionally a bad patch slips through – but generally they are the cumulative result of weeks of feedback (including feedback from those who did test the previews). So, for production, you get the best balance of security and stability by focusing on Patch Tuesday. Our advice (and practice) is to apply those monthly cumulative updates as soon as feasible each month, after perhaps a brief testing period if you manage many machines. Meanwhile, if you’re an enthusiast or IT admin, you can use a sacrificial test machine to try out the end-of-month preview updates and make sure nothing breaks, but you wouldn’t typically roll those previews out widely to all users. In short: Patch Tuesday = yes for production (regularly and ASAP); Preview patches = nice to have, but optional (use on test systems or to fix specific non-security issues as needed).

With this background in mind, you’ll be better equipped to understand the upcoming tutorial on how to patch Windows 10 Enterprise LTSC 2021 to the latest update (.msu) . We’ll walk you through the process of obtaining the patch (from the Microsoft Update Catalog) and installing it to bring an LTSC 2021 system from its base build up to the current build. Stay tuned for that guide! In the meantime, remember: keep an eye out for those Patch Tuesday updates each month and apply them to stay secure, and consider the other patch types as tools in your toolbox when needed. Your Windows build number may just be a number, but it tells you a lot about how up-to-date your system is – and with the information above, you can decode those numbers and patch names with confidence.