none
KB4091664 and KB4346087 - Update Classification RRS feed

  • Question

  • Hello,

    I have a question regarding the following two Microsoft Windows Patches for Windows Server 2016 and Windows 10 LTSB 2016:

    KB4091664

    KB4346087

    Both Updates provide mitigations against the Spectre vulnerabilities. Accordingly these are security-related patches.

    Both KBs are classified as “Updates” which are normally not related to security issues.

    This classification causes a problem, because in some of our systems we only install “Security Updates” and “Critical Updates”. Accordingly the two mentioned KBs are not installed on these systems.

    Why are both Patches classified as “Updates” and not as “Security Updates”?

    Thank you

    Thursday, September 12, 2019 8:22 AM

All replies

  • Hi,
      

    Analyzed the problem you described, my understanding:
      

    1. KB4091664 and KB4346087 are not assigned a specific MSRC severity level in Microsoft Update.




      As far as I know, Critical Updates (as opposed to Critical Security Updates) have no MSRC severity set (WSUS will display it as "Unspecified"), so these two update types are not "security updates."
         
    2. As for the fixes involved in these two updates, whether it is "fix for a product-specific, security-related vulnerability", my knowledge reserve is temporarily unable to provide you with clear tips. This may require a security expert to answer your question. 
         

    Hope the above can help you.
      

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 12, 2019 9:09 AM
  • Hi,
     

    Any update is welcome here.
    If the issue is resolved, share your solution or find the helpful response "Mark as Answer" to help other community members find the answer.
     

    Thank you for your cooperation, as always.
     

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 18, 2019 2:26 AM