Does the latest Windows Server Cumulative and Quality Monthly update cover patches back to 2019?

troy price 5 Reputation points
2023-01-28T20:40:45.7333333+00:00

Hi there, I have number of Servers which have not been patched since 2019. The automatic function to check for updates (from WSUS) has been turned off and now I need to push out Cumulative and Monthly updates for various Windows versions (2012,2016 and 2019).

Can I push out the latest SSU and Cum/Monthly update and will this cover the last couple of years of missing updates?

I need to advise on the missing updates which need to be applied. So, I am planning to either install the latest updates or do I need to figure out missing updates which needs to be applied. If the latter needs to done, what is the best way to get the list of missing patches (Cum/Monthly)

Thanks

Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
0 comments No comments
{count} vote

2 answers

Sort by: Most helpful
  1. Anonymous
    2023-01-28T20:54:31.9933333+00:00

    That's correct, windows monthly roll-ups are cumulative.

    Rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes updating simpler and ensures that devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from updates.
    https://learn.microsoft.com/en-us/windows/deployment/update/waas-overview#quality-updates

    The latest SSU plus monthly rollup are all that's required.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    2 people found this answer helpful.

  2. Fabricio Godoy 2,626 Reputation points
    2023-01-28T21:15:25.4866667+00:00

    Hey @troy price

    In my experience. yes and no.
    let me explain.

    for Yes.

    • Cumulative packages, have inside, several paths, which yes, contain past security paths, critical etc. unusual a server will request a package from a very old year, since this missing update will already be considered "superseed" by a new version...so an accumulative package of 2023 already includes all the necessary packages.

    for exemple: this is a package from 03-2021
    User's image

    and this is a list of new packages that already include these fixes.

    User's image

    so...it is not necessary to install the 2021 package.

    The WSUS server will inform about this. (superseed paths)

    However...there are specific cases, for very outdated servers, where the installation of an accumulative package from another year is requested. the same could be due to the installation of resources like .netframework which have several security packages available as well. recently, I came across this scenario, where the 2018, 2021, and January-2023 packages were requested.

    • My tip is to use the wsus automatic approval feature, for critical and security packages and perform a "cleanup in database" for superseed paths

    User's image

    hope this is help you.

    regards

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.