Microsoft Addresses June Patch Glitch, and Starts Bundling SSUs with LCUs for Windows 10 -- Redmondmag.com

Microsoft Addresses June Patch Glitch, and Starts Bundling SSUs with LCUs for Windows 10

By Kurt Mackie
08/12/2021

Microsoft on Tuesday announced the release of a "standalone" servicing stack update (SSU) for Windows 10 systems to address a patching problem that had affected some organizations trying to apply a June security update.

"Today we are releasing a standalone SSU (KB5005260) that can be applied to Windows 10 devices that have not yet installed the May 2021 monthly quality update," explained Aria Carley, a program manager on Windows updates team at Microsoft.

This standalone SSU is said to fix a June patch glitch.

Patch Glitch: June Security Update Blocked for Some
Microsoft had described this patching problem back in June. Here's how it was characterized back then.

Microsoft had released Windows security update (KB5003637) as part of its June monthly bundle. However, this June update had a dependency on having a May SSU in place, namely KB5003173. For some organizations, this May SSU was deemed to be expired, and that circumstance prevented the June patch from getting installed.

At the time, the problem was said to just affect some organizations that used Microsoft Endpoint Configuration Manager in conjunction with Windows Server Update Services (WSUS). Microsoft ascribed the problem to the users of those products, saying that they had made changes to the default supersedence rule setting for security updates.

IT meddling with the default supersedence rule setting had somehow caused the May SSU to be ignored, Microsoft had claimed at the time. Therefore, the June patch wouldn't install.

New Explanation: Breaking Changes Made by Microsoft
However, Microsoft's Tuesday announcement doesn't mention those circumstances. Instead, Carley depicted the issue as being a "rare" case when Microsoft introduced "breaking changes in the interface between the servicing stack and the combined update package format."

Here's Carley's explanation, where a May SSU "bootstrapping" enhancement introduced a breaking change:

Such a [breaking] change occurred with the May 11, 2021 SSU which is included in the May 2021 Windows 10 monthly quality update (KB5003173) for Windows 10. Here we enhanced bootstrapping capability of servicing stack for offline servicing of the OS image. This introduced a dependency on a new interface, hence the June 2021 monthly quality update (KB5003637) included a prerequisite.

An SSU is simply a patch for Microsoft's patching system. It used to be the case that SSUs needed to be applied first before the latest cumulative updates (LCUs), but that condition was dropped years ago -- at least for Windows 7. In 2018, Microsoft pushed its SSUs into its monthly LCUs, which presumably removed the burden on IT pros on having to install SSUs first before the cumulative updates, but that apparently only happened for Windows 7.

It's been about three years since that time. Now the SSU plus LCU combo is starting to arrive for Windows 10 versions.

Windows 10 Versions Getting SSU + LCU Combo
Carley's Tuesday announcement described the ability to get SSUs combined with LCUs as being new for Windows 10. This bundled patch approach is now commencing for certain Windows 10 versions, as well as for Windows Server 2019, with the August patch releases:

We are thrilled to announce that combined cumulative update deployment capabilities are coming to Windows 10, version 1809, Windows Server 2019, and Windows 10, version 1909. Beginning today, you can leverage the Windows Insider Pre-release Category in Windows Server Update Services (WSUS) to deploy the August 2021 monthly quality update and SSU together as a single package to devices running these versions.

This capability was first announced back in September 2020, according to Carley. It's just now coming available with the August 2021 patches.

Microsoft's original rationale for combining SSUs with LCUs for Windows 7 in 2018 was that some organizations were installing "security-only" patches. The LCUs for Windows 7 included the SSUs, but the security-only patches didn't have SSUs, which proved problematic.

Of course, Windows 10 users have had similar choices for many years and could apply security-only patches, too. Microsoft is just now making it good on the Windows 10 side, it seems.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.