none
Again the superseeded patches

    Question

  • Hello WSUS Champs,

    Again the same old confusion/Question about approval/Disapprovals of those superseded patches.

    As I went thoroughly through many posts in this blog, I understood that they are of follwoing types;-

    1. Updates which have never been superseded (blank icon). 2. Updates which have been superseded, but have never superseded another update (icon with blue square at bottom). 3. Updates which have been superseded and have superseded another update (icon with blue square in middle). 4. Updates which have superseded another update (icon with blue square at top).

    Now My Question is about approvals.

    I have approved Patch A, now after next month’s synch it is superseded by patch B but till now the patch A has not been installed on all 100% machines.

    So what should I do in this case?

    Should I approve the Patch B and get it installed on all then disapprove the Patch A? OR

    Should I install the Patch A on all 100% machines then the Patch B on all, then disapprove the patch A.

    Please guide me, I deeply confused and the next month patches are coming near..

    Monday, February 04, 2013 5:26 PM

Answers

  • You should ideally start preparations for patch B testing and once the testing is complete and positive go for patch B approval, since in most cases it would be fixing the vulnerability more effectively.
    Monday, February 04, 2013 5:52 PM
  • Should I approve the Patch B and get it installed on all then disapprove the Patch A?

    Yes.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Tuesday, February 05, 2013 12:09 AM
  • what about my superseded patches??

    When Patch 'A' is reported in the console as = 100% Installed/NotApplicable -- which means either Patch 'A' is the current patch installed on a system -or- Patch 'B' has been installed (thus making Patch 'A' "NotApplicable") -- then you can Decline Patch 'A'.

    When a superseded patch is not 100% Installed/NotApplicable that's an indication that both Patch 'A' and Patch 'B' are missing from a system, and I would say those should be high-priority investigations, particularly if the patches have been approved for more than 48 hours. Most likely the affected machine(s) are not getting other patches either.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Tuesday, February 05, 2013 12:12 AM

All replies

  • You should ideally start preparations for patch B testing and once the testing is complete and positive go for patch B approval, since in most cases it would be fixing the vulnerability more effectively.
    Monday, February 04, 2013 5:52 PM
  • You should ideally start preparations for patch B testing and once the testing is complete and positive go for patch B approval, since in most cases it would be fixing the vulnerability more effectively.
    what about my superseded patches??
    Monday, February 04, 2013 6:40 PM
  • Should I approve the Patch B and get it installed on all then disapprove the Patch A?

    Yes.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Tuesday, February 05, 2013 12:09 AM
  • what about my superseded patches??

    When Patch 'A' is reported in the console as = 100% Installed/NotApplicable -- which means either Patch 'A' is the current patch installed on a system -or- Patch 'B' has been installed (thus making Patch 'A' "NotApplicable") -- then you can Decline Patch 'A'.

    When a superseded patch is not 100% Installed/NotApplicable that's an indication that both Patch 'A' and Patch 'B' are missing from a system, and I would say those should be high-priority investigations, particularly if the patches have been approved for more than 48 hours. Most likely the affected machine(s) are not getting other patches either.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Tuesday, February 05, 2013 12:12 AM