• Patch Lady – Not all patches make it to WSUS

    Posted on June 5, 2018 at 10:54 CDT by Comment in the Forums

    WSUS – or Windows Server Update Services – is what many corporate/business patchers use to update machines.  Larger firms use SCCM – System Center configuration manager.  But recently many of us have noticed something unusual.  The updates that come out here:  Don’t always make it on this list:

    The second link is a master listing of what is released to the WSUS platform (which ultimately impacts SCCM as well).  And here’s the head scratcher…… recently updates like https://support.microsoft.com/en-us/help/4103714 – the second 1709 update released during May and https://support.microsoft.com/en-us/help/4103722 the second 1703 update released during May didn’t end up on WSUS.  Why?  I’m honestly not sure.  Granted they include no new security updates.  Granted they are just bug fixes, but clearly someone at Microsoft deems them not important enough to deliver them to the business patching platform.  If an administrator wants them you can manually import them from the catalog into WSUS BUTTTTTTTT make sure you also match up these updates with the corresponding Servicing stack update.

    1703 needs https://support.microsoft.com/en-us/help/4132649/servicing-stack-update-for-windows-10-1703-may-17-2018

    1709 needs https://support.microsoft.com/en-us/help/4132650/servicing-stack-update-for-windows-10-version-1709-may-21-2018

    Windows 10 has to have the servicing stack update installed before the cumulative update.  When you update via windows update this is automatic.  When you patch via WSUS make sure your manual approval (or automatic approvals) includes approving both.  The Servicing stack update (or SSU) is deemed a critical update so if you have a rule set to approve critical updates, it will be approved accordingly.  Once you approve it, the operating system is smart enough to install the SSU first and then the Cumulative update (CU) second.

    But bottom line for those of you that patch with WSUS, if you are looking for certain bug fixes, they may not be up on your patching platform.

    P.S. and update – interestingly enough https://support.microsoft.com/en-us/help/4100403/windows-10-update-kb4100403 the second release for the month of May for 1803 IS in WSUS.  Still scratching my head as to why some of the second of the monthly updates are and are not in WSUS.  The SSUs of KB4132649 (1703) and KB4132650 (1709) are up in WSUS.  Man I have an itchy head.

     

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the AskWoody Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • How to use the Forums
  • All Forums

    • Recent Topics

    March 2023
    S M T W T F S
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.