Does the latest Windows Server Cumulative and Quality Monthly update cover patches back to 2019?

troy price 0 Reputation points
2023-01-28T20:40:45.7333333+00:00

Hi there, I have number of Servers which have not been patched since 2019. The automatic function to check for updates (from WSUS) has been turned off and now I need to push out Cumulative and Monthly updates for various Windows versions (2012,2016 and 2019).

Can I push out the latest SSU and Cum/Monthly update and will this cover the last couple of years of missing updates?

I need to advise on the missing updates which need to be applied. So, I am planning to either install the latest updates or do I need to figure out missing updates which needs to be applied. If the latter needs to done, what is the best way to get the list of missing patches (Cum/Monthly)

Thanks

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,457 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,371 questions
Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,529 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,721 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dave Patrick 426.1K Reputation points MVP
    2023-01-28T20:54:31.9933333+00:00

    That's correct, windows monthly roll-ups are cumulative.

    Rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes updating simpler and ensures that devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from updates.
    https://learn.microsoft.com/en-us/windows/deployment/update/waas-overview#quality-updates

    The latest SSU plus monthly rollup are all that's required.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.
  2. Fabricio Godoy 2,601 Reputation points
    2023-01-28T21:15:25.4866667+00:00

    Hey @troy price

    In my experience. yes and no.
    let me explain.

    for Yes.

    • Cumulative packages, have inside, several paths, which yes, contain past security paths, critical etc. unusual a server will request a package from a very old year, since this missing update will already be considered "superseed" by a new version...so an accumulative package of 2023 already includes all the necessary packages.

    for exemple: this is a package from 03-2021
    User's image

    and this is a list of new packages that already include these fixes.

    User's image

    so...it is not necessary to install the 2021 package.

    The WSUS server will inform about this. (superseed paths)

    However...there are specific cases, for very outdated servers, where the installation of an accumulative package from another year is requested. the same could be due to the installation of resources like .netframework which have several security packages available as well. recently, I came across this scenario, where the 2018, 2021, and January-2023 packages were requested.

    • My tip is to use the wsus automatic approval feature, for critical and security packages and perform a "cleanup in database" for superseed paths

    User's image

    hope this is help you.

    regards

    1 person found this answer helpful.
    0 comments