News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • The different types of Windows update supersedence

    Posted on MrBrian Comment on the AskWoody Lounge

    Home Forums AskWoody support Windows The different types of Windows update supersedence

    Tagged: 

    This topic contains 36 replies, has 4 voices, and was last updated by  MrBrian 1 year, 4 months ago.

    • Author
      Posts
    • #135015 Reply

      MrBrian
      AskWoody_MVP

      In the comments at https://www.askwoody.com/forums/topic/confusion-in-the-group-a-ranks/ there is a discussion about whether there are different types of supersedence that apply to Windows updates. I have more insights now that I’d like to share.

      Let’s first discuss how the list of updates that Windows Update shows is generated. When you use Windows Update to check for Windows updates in Windows 7 (and I assume also in Windows 8.1), the following seems to happen (simplified version):

      1. The Windows Update client gets a list of all applicable updates that are not installed on your computer.

      2. Any updates in the list in step 1 that you had previously marked as hidden are removed from the list.

      3. Any updates in the list in step 2 that Microsoft considers to be superseded by any other updates in the list in step 2 are removed from the list.

      The first type of supersedence seems to relate to the above process of which applicable but not yet installed updates are shown to the user in Windows Update. This type of supersedence is declared by Microsoft and is listed in the Package Details tab of a given update at Microsoft Update Catalog; example: https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=270cb4c4-685a-4bf2-bd53-9c314d6ffc47. An important detail is that a given update might contain a newer version of all the components in another update, but Microsoft might purposely not consider the newer update to supersede (in this first type of supersedence) the older update. Let’s consider why with an example. The Windows 7 September 2016 Optional rollup update KB3185278 contains (among other things) a non-security update to Windows Media Player that updates Windows Media Player to v12.0.7601.23517. Windows 7 March 2016 security update KB3138962 contains an older version of Windows Media Player, v12.0.7601.19148. Yet the supersedence metadata for KB3138962 doesn’t list KB3185278 as superseding KB3138962, and there is a very good reason for this; if KB3185278 was considered by Microsoft as superseding KB3138962, then if both of those updates were not installed on your computer, security update KB3138962 would not be shown in Windows Update due to the presence of optional update KB3185278 in the Windows Update list, which would be a very undesirable result.

      There seems to be a second meaning of supersedence involving components of an update that is distinctly different than the first meaning of supersedence and doesn’t seem to use the supersedence metadata mentioned in the first meaning. A usage of this second meaning: When trying to install a given update, it can be considered superseded because its components are superseded by components already on the computer. Another usage of this second meaning: From Disk Cleanup Wizard addon lets users delete outdated Windows updates on Windows 7 SP1 or Windows Server 2008 R2 SP1: “Therefore, after you run the Disk Cleanup wizard, you may be unable to roll back to a superseded update. If you want to roll back to a superseded update that the Disk Cleanup wizard deletes, you can manually install the update.”

      I’ll leave you with a question for discussion that you may now be in a position to answer. According to the Windows 7 supersedence metadata for Internet Explorer cumulative update KB4036586, KB4036586 supersedes Internet Explorer cumulative update KB3185319. But yet on a Windows 7 computer with neither of these updates installed, after installing KB4036586 and then checking for updates with Windows Update, KB3185319 was listed as available, and manually installing KB3185319 did not give the message “The update is not applicable to your computer.” My question to you is: How is this possible?

      1 user thanked author for this post.
    • #135440 Reply

      MrBrian
      AskWoody_MVP

      I should have defined “supersedence” in the first post. If Microsoft has declared that Update A supersedes (first meaning of supersedence) Update B, it means that Microsoft considers Update A to replace update B. Microsoft has more information about supersedence at About Updates.

      Microsoft sometimes changes the supersedence declarations for a given update. An example of this is Update to Supersedence Behaviour for Security Only and Security Monthly Quality Rollup Updates.

    • #135708 Reply

      MrBrian
      AskWoody_MVP

      For the second type of supersedence, I referenced the word “components.” More info about components:

      Understanding Component-Based Servicing

      Servicing Windows: Part One

      P.S. Comment from ch100 (my bolding):

      “Generally it is supersedence which is revised, like what patches are obsolete for the benefit of the systems administrators and the Windows Update engine itself. This is the information that is available in the Microsoft Catalog under Package Details (you may need IE for this information to be visible).
      The Component Based Servicing mechanism and I believe Disk Cleanup do their own checks and install/uninstall correctly based on the components (dlls in general) bundled in the patches and do not take in consideration the metadata supersedence, which explains why when only the metadata is revised, those who have already installed the patch do not need to do anything else.”

    • #135319 Reply

      anonymous

      I think it’s just an oversight in the update mechanism. KB3185319 is considered superseded by the monthly quality rollups but not by the monthly security updates. Even though all of the components within KB3185319 may already be installed or superseded, the presence of the package itself is still evaluated.

      KB3185319 can be installed but make no relevant changes if a later cumulative update is installed.

      • #136304 Reply

        MrBrian
        AskWoody_MVP

        A test I did indicated that even though according to supersedence metadata KB3185319 is superseded by KB4036586, when KB4036586 is installed, a manual installation of KB3185319 proceeds and does not give message “The update is not applicable to your computer.” Using a file system snapshot program before and after KB3185319 was installed shows that in this case KB3185319 indeed installs components (which I believe are probably not actually needed).

    • #137668 Reply

      MrBrian
      AskWoody_MVP

      I propose calling the first type of supersedence metadata-supersedence, and the second type of supersedence component-supersedence.

    • #177801 Reply

      MrBrian
      AskWoody_MVP

      From Relationships Among Updates: “Supersede – An update that subsumes the functionality of another update. For example, Windows XP SP2 supersedes a number of updates for Windows XP RTM. If update A supersedes update B, and both are applicable to a given client machine, then Automatic Updates will install only update A. Declaring a supersede relationship allows newer and older updates to be used together without conflict.”

      I use the phrase “metadata-supersedence” for the type of supersedence described in the above paragraph.

      2 users thanked author for this post.
    • #179937 Reply

      abbodi86
      AskWoody_MVP

      I’ll leave you with a question for discussion that you may now be in a position to answer. According to the Windows 7 supersedence metadata for Internet Explorer cumulative update KB4036586, KB4036586 supersedes Internet Explorer cumulative update KB3185319. But yet on a Windows 7 computer with neither of these updates installed, after installing KB4036586 and then checking for updates with Windows Update, KB3185319 was listed as available, and manually installing KB3185319 did not give the message “The update is not applicable to your computer.” My question to you is: How is this possible?

      If an update contain a new component that does not originally exist in the OS, this will void the component-supersedence, because CBS cannot compare the component to the inbox components baseline
      this will make the update always installable, and cannot be marked as superseded by WU except with metadata-supersedence

      an example of such updates are:

      Cumulative Security Update for Internet Explorer 11 for Windows 8.1 (KB3185319)
      Update for Windows 8.1 (KB3038936)
      Update for Windows 8.1 (KB3162835)
      Update for Windows 8.1 (KB3118401)

      these updates will not show in WU if the latest active/installed rollup is Security
      but they will be requested if the latest active rollup is Preview (because it doesn’t supersede them on metadata level)

      3 users thanked author for this post.
      • #179974 Reply

        MrBrian
        AskWoody_MVP

        Thanks for the explanation :).

        This is the first time that I recall somebody else using the phrases “metadata-supersedence” and “component-supersedence” – which I proposed in an earlier post in this topic – at this site. Would it be fair to infer that you agree that it’s a good idea to use these phrases?

        1 user thanked author for this post.
      • #180249 Reply

        abbodi86
        AskWoody_MVP

        I used your phrases 🙂
        usually i have similar phrases, metadata level and components or CBS level

        regarding metadata-supersedence, if an update is superseded with two or more updates, this won’t be reflected on the metadata (i.e. Catalog info)
        however, in most cases components-level calculate the relation

        2 users thanked author for this post.
        • #180253 Reply

          MrBrian
          AskWoody_MVP

          Do you know if metadata-supersedence data is ever used in component-supersedence calculations?

          • #180279 Reply

            ch100
            AskWoody_MVP

            Metadata-supersedence is optional to some extent, used only by Windows Update scanning (and human readers), but as we have seen in many situations like the one presented by @abbodi86 in this thread, it has its flaws. The authoritative mechanism is still CBS based.
            Disk Cleanup also use CBS mechanism to identify fully redundant updates and remove them according to the result of the calculations.
            Credit goes to @abbodi86 for most of those written by me, although I did my own research in the past, mostly related to the metadata supersedence only.

            1 user thanked author for this post.
        • #180266 Reply

          abbodi86
          AskWoody_MVP

          No at all

          WUA makes use and calls CBS to caculate component-supersedence, but not the opposite way around

          2 users thanked author for this post.
        • #180458 Reply

          MrBrian
          AskWoody_MVP

          “regarding metadata-supersedence, if an update is superseded with two or more updates, this won’t be reflected on the metadata (i.e. Catalog info)
          however, in most cases components-level calculate the relation”

          Any further elaboration or examples of the above would be appreciated :).

          Metadata-supersedence seems to have a transitive relation, in which if Update A metadata-supersedes Update B, and Update B metadata-supersedes Update C, then Update A is considered to metadata-supersede Update C regardless of whether the metadata explicitly says so.

          1 user thanked author for this post.
        • #180477 Reply

          abbodi86
          AskWoody_MVP

          I mean if update components are superseded by two or more updates components, WU metadata doesn’t reflect the supersedence, but CBS does
          example:
          Update for Windows 7 (KB2888049) superseded by 3 updates: KB3161949, KB3092601, KB3030039

          yes, metadata works in chain mode
          but as we saw in past year (specially IE11 updates), sometimes they expire Update B and forget to expire child updates
          in this case the chain is broken and Update C is requested by WU

          2 users thanked author for this post.
          • #180525 Reply

            MrBrian
            AskWoody_MVP

            “I mean if update components are superseded by two or more updates components, WU metadata doesn’t reflect the supersedence, but CBS does
            example:
            Update for Windows 7 (KB2888049) superseded by 3 updates: KB3161949, KB3092601, KB3030039″

            I believe what you mean is that having all three updates KB3161949, KB3092601, and KB3030039 installed is sufficient to guarantee that KB2888049 will be considered not applicable for manual .msu file installation, correct? In other words, KB3161949+KB3092601+KB3030039 component-supersedes KB2888049.

            1 user thanked author for this post.
            • #180548 Reply

              MrBrian
              AskWoody_MVP

              A test revealed that when KB3161949, KB3092601, and KB3030039 are installed, KB2888049 is not listed in Windows Update. This probably isn’t due to metadata-supersedence data for KB2888049, but rather because the Windows Update detectoid for KB2888049 checks for the presence of certain versions of certain files.

              2 users thanked author for this post.
            • #180631 Reply

              abbodi86
              AskWoody_MVP

              Yes, that’s what i ment, CBS declares it as superseded, and WU inherit that status

              2 users thanked author for this post.
            • #180677 Reply

              ch100
              AskWoody_MVP

              How does it work then if, going back to one of the examples above for Windows 7 and 8.1:

              1. Monthly CU is installed, then October 2016 IE CU (last before the current mechanism was put in place) is not required, being superseded by monthly CU. This is expected behaviour.

              2. Preview monthly CU is installed on top of the previous full monthly CU, then October 2016 IE CU becomes required in WU sense.

              However preview monthly CU supersedes previous full monthly CU and according to the transitivity logic, should not require an already superseded IE old patch.

              Transitivity in such a case becomes lost each month. Is this due to broken WU metadata supersedence chain?

              More so, when full monthly CU is applied last, Disk Cleanup removes October 2016 IE CU, but becomes again “required” if the next preview is applied.

            • #180749 Reply

              MrBrian
              AskWoody_MVP

              “However preview monthly CU supersedes previous full monthly CU and according to the transitivity logic, should not require an already superseded IE old patch.”

              If by “supersedes” you meant metadata-supersedes, preview rollups don’t metadata-supersede older non-preview monthly rollups.

              1 user thanked author for this post.
            • #180876 Reply

              ch100
              AskWoody_MVP

              I think you are right, I missed this. Preview Monthly Updates only supersede the other Preview Monthly Updates at the metadata level.
              However WU recognise them as superseding the previous Monthly (not preview) updates.
              The plot thickens… 🙂

            • #180950 Reply

              MrBrian
              AskWoody_MVP

              “However WU recognise them as superseding the previous Monthly (not preview) updates.”

              In my view, that’s not correct, because if it did, then in Windows Update the presence of a newer preview rollup would cause any older non-preview rollups to not be listed.

            • #180968 Reply

              MrBrian
              AskWoody_MVP

              “How does it work then if, going back to one of the examples above for Windows 7 and 8.1:”

              If you look at https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=4a7c98c1-098e-46ca-af01-1b80eee5f48c, note that “October, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3185330)” metadata-supersedes “Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3185319)”. However, note that according to https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=f864462a-bfee-406f-a376-09094e0f07b5, “October, 2016 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3192403)” does not metadata-supersede
              “Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3185319)”.

              Let’s assume it’s late October 2016. If necessary, review the Windows Update logic info in the first post. If KB3185330, KB3185319, and KB3192403 are all considered applicable to a given computer by Windows Update, then KB3185319 will not be displayed in Windows Update because KB3185330 metadata-supersedes KB3185319. However, if KB3185330 is either installed or hidden, it will not be considered applicable to the computer by Windows Update. In this case, KB3185319 and KB3192403 will be considered applicable to the computer by Windows Update, but the listing of KB3192403 does not suppress the listing of KB3185319 because KB3192403 doesn’t metadata-supersede KB3185319.

              1 user thanked author for this post.
            • #181305 Reply

              abbodi86
              AskWoody_MVP

              Windows Update (metadata) mess is limited in Windows 8.1
              but it’s beyond control in Windows 7 because of the extra complexity of GDR/LDR branch, thus i always considered its WU a lost cause 😀

    • #180875 Reply

      abbodi86
      AskWoody_MVP

      How does it work then if, going back to one of the examples above for Windows 7 and 8.1:

      1. Monthly CU is installed, then October 2016 IE CU (last before the current mechanism was put in place) is not required, being superseded by monthly CU. This is expected behaviour.

      2. Preview monthly CU is installed on top of the previous full monthly CU, then October 2016 IE CU becomes required in WU sense.

      However preview monthly CU supersedes previous full monthly CU and according to the transitivity logic, should not require an already superseded IE old patch.

      Transitivity in such a case becomes lost each month. Is this due to broken WU metadata supersedence chain?

      More so, when full monthly CU is applied last, Disk Cleanup removes October 2016 IE CU, but becomes again “required” if the next preview is applied.

      The transitivity logic works on metadata level, CBS does not care about preview or security

      IE11 cumulative is requested because it contain new non-inbox components (in both Windows 7/8.1), therefore CBS cannot flag it as superseded

      are you sure Disk Cleanup removes it?
      i just checked in Windows 8.1 and it does not

      i also double checked, KB3038936 (Update for Win8.1 Defender) does not fit this scenario
      it does not contain new components and CBS flag it as suprseded, but WU still request it if latest Rollup is Preview

      WU metadata mystery continues 🙂

      2 users thanked author for this post.
      • #180878 Reply

        ch100
        AskWoody_MVP

        IE11 cumulative is requested because it contain new non-inbox components (in both Windows 7/8.1), therefore CBS cannot flag it as superseded

        are you sure Disk Cleanup removes it?
        i just checked in Windows 8.1 and it does not

        I am (almost) certain that I have seen it before on Windows 2012 R2, which should closely mirror Windows 8.1. I don’t have the patience or time (the little time available is spent now converting some .esd just released 😉 ) to repeat the experiment to research it, sorry.
        At that time I did not understand why the October 2016 IE11 CU was offered after experimenting with installing and uninstalling Monthly CUs and Preview Monthly CUs.

        It seems natural and logic though that if the IE11 CU is not offered normally with only Monthly CUs and no Preview Monthly installed, then when the same conditions are encountered following further action like uninstalling the Preview, the IE11 CU is also removed as being redundant.

    • #181171 Reply

      MrBrian
      AskWoody_MVP

      Those that want to see which updates Windows Update considers applicable for a given computer without filtering by metadata-supersedence metadata can use Windows Update MiniTool with “Include superseded” ticked.

    • #181466 Reply

      MrBrian
      AskWoody_MVP

      Does anybody know how to get the update applicability rules for a given update?

      Info I’ve found so far:

      1. I believe that the update applicability rules are found in SyncUpdates.Xml but I don’t know how to get this info. This post suggests that it may be possible; I used Fiddler but did not see SyncUpdates.Xml info.

      2. GetExtendedUpdateInfo download URLs are found in windowsupdate.log (may need to turn on verbose windowsupdate.log logging to see them). These URLs often (always?) seem to contain “msdownload/update/others”. Example: download.windowsupdate.com/d/msdownload/update/others/2018/03/26323814_fba40cda611c618fe034e53ba08dd6271407d870.cab, which seems to have extended update applicability rules for KB2952664. Does this contain the core update applicability rules mentioned in point #1?

      3. .msu files contain a file named wsusscan.cab, which contains file package.cab, which contains (amongst other things) update applicability rules in potentially many files. One of the files in the .msu for KB2952664 contains an update applicability rule (in folder “core”) referencing file appraiser.dll. The file in point #2 does not contain an update applicability rule referencing file appraiser.dll, which leads me to believe that the answer to the question in point #2 is “no.”

      • #181494 Reply

        abbodi86
        AskWoody_MVP

        2. Yes, WU gets metadata for updates using these “others” cab files

        3. The update metdata will be always in the last two (at least) files in this path inside msu:

        msu\WSUSSCAN.cab\package.cab\core\
        msu\WSUSSCAN.cab\package.cab\extended\

        typically 2858 & 2859
        unless there are more than one .cab update file or bundled .exe, in that case would be 2858 -> the rest of list

        the latest file will hold the metadata for the main or wrapper update entry
        the one before will hold the metadata for the bundled update(s) binaries

        i.e. KB2952664 core files:
        2860 = metadata for update entry
        2859 = metadata for Windows6.1-KB2952664-v24-x86.cab (it require kernel32.dll v6.1.7601.17617 at least)
        2858 = metadata for EnableTask.exe (it require KB2952664-v24 installed and kernel32.dll v6.1.7601.17617 at least, and additional check for appraiser.dll version)

        extended will hold ExtendedProperties for the same metadata

        an example for msu package with multiple cab files is WMF 5.1 KB3191566

        wsusscn2.cab for security and some important update holds all these kinds of metadata
        you need to extract the inner package*.cab files, and check the files in c & s folders
        some metadata files are huge and require a decent text editor, i.e. AkelPad 🙂

        1 user thanked author for this post.
    • #184645 Reply

      MrBrian
      AskWoody_MVP

      Here is an example of component-supersedence:

      1. Install KB3095649 and reboot.

      2. Install KB4055038 and reboot.

      3. Look at Installed Updates. Both updates are listed.

      4. Run Disk Cleanup of Windows Updates and reboot. Look at Installed Updates. KB3095649 is not listed anymore.

    • #184659 Reply

      MrBrian
      AskWoody_MVP

      In the first post, I gave two usages of a second type of supersedence and lumped them together into one type of supersedence, but I now believe that they should be considered two types of supersedence.

      The first usage is what I now propose to be called install-supersedence. I believe that Microsoft’s usage of “superceded” in https://support.microsoft.com/en-us/help/4100480/windows-kernel-update-for-cve-2018-1038 can be considered an example of install-supersedence:

      “This update has been superceded by the following newer updates:

      April 10, 2018—KB4093108 (Security-only update)
      April 10, 2018—KB4093118 (Monthly Rollup)”

      I did a test. I installed KB4056897 and rebooted. Windows Update offered KB4100480. Then I installed KB4093108 and rebooted. Windows Update didn’t offer KB4100480. Thus, it seems that KB4093108 install-supersedes KB4100480.

    • #184683 Reply

      MrBrian
      AskWoody_MVP

      “Thus, it seems that KB4093108 install-supersedes KB4100480.”

      Given this info, it might seem reasonable to infer that if one installs KB4100480 before KB4093108, and then runs Disk Cleanup of Windows Updates and reboots, that KB4100480 will no longer be listed in Installed Updates. I tested this. I installed KB4056897 and rebooted. I installed KB4100480 and rebooted.  I installed KB4093108 and rebooted. I ran Disk Cleanup of Windows Updates and rebooted. KB4100480 was listed in Installed Updates. Thus, it seems that install-supersedence is indeed a different type of supersedence than component-supersedence.

       

      1 user thanked author for this post.
      • #185177 Reply

        MrBrian
        AskWoody_MVP

        The result in post #184683 was done on a test virtual computer without the latest version of the Disk Cleanup code that Group A has. I repeated this test on a Group A computer. The new test had a different result: KB4100480 was not listed in Windows Update at the end of the test.

    • #185210 Reply

      MrBrian
      AskWoody_MVP

      I propose that what I had been calling component-supersedence should be renamed to cleanup-supersedence, since that more accurately describes its context involving Disk Cleanup of Windows updates.

      As a review, the three types of supersedence described in this topic are:

      1. metadata-supersedence.

      2. cleanup-supersedence.

      3. install-supersedence.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: The different types of Windows update supersedence

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.