none
How to get a list of updates that is part of Security Monthly Quality Rollup update RRS feed

  • Question

  • Hi

    I know that Security Monthly Quality Rollup update include all of the patches from previous month. Tried to refer to https://support.microsoft.com/en-us/help/4471320/windows-8-1-update-kb4471320 but could not find the list of updates that is part of this Monthly Rollup.

    Was trying to know how can I get a list of patches that is part of Security Monthly Quality Rollup?

    For example, I am trying to get a list of patches that is part of 2018-12 Security Monthly Quality Rollup for
    Windows Server 2012 R2 for x64-based Systems (KB4471320)

    Friday, September 20, 2019 9:57 AM

Answers

  • Hello,
     
    Thanks for posting in TechNet.
     
    I'm afraid that there is not such a list. As you mentioned, Security Monthly Quality Rollup contains all new security fixes for that month (the same ones included in the security-only update released at the same time), plus non-security fixes from the latest Preview Rollup as well as fixes from all previous Monthly Rollups. Refer to the following link.
     
    https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Configuration-Manager-and-Simplified-Windows-Servicing-on-Down/ba-p/274056 
     
    Take KB4471320 as an example, we could consider that it contain all contents included in KB4471322 (new security fix for that month), KB4467695 (latest Preview Rollup) and KB4467697 (previous Monthly Rollups).
     
    Hope my answer could help you and look forward to your feedback.
     
    Best Regards,
    Ray
     


    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 20, 2019 10:28 AM
  • 4471322 is not a "Security Only Quality Update", it is a "Security-Only Update" as it does not include quality, non-security-related fixes.

    4471320 is a monthly rollup that includes both security fixes as well as quality fixes.

    This is all described at https://blogs.technet.microsoft.com/configmgrdogs/2016/12/07/update-to-supersedence-behaviour-for-security-only-and-security-monthly-quality-rollup-updates/.

    Ultimately, you need to decide with your compliance department which is best for your organization.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Proposed as answer by Kannan CS Friday, September 20, 2019 7:35 PM
    • Marked as answer by Efa77 Wednesday, September 25, 2019 3:05 PM
    Friday, September 20, 2019 4:11 PM
  • Hello, 

    > The problem is because my compliancy department says that our dept laptops are not compliant for KB4471320 (Security Monthly Quality Rollup).

    This is as expected. When security only update is installed, the monthly rollup update is still applicable, which means the monthly rollup update is shown as needed in SCCM and WSUS. 

    So it's not an actual "problem", it's all about how you want your clients are patched, by periodically deploying security only updates or by deploying cumulative monthly rollup. 

    Best Regards, 

    Ray


    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Efa77 Wednesday, September 25, 2019 3:03 PM
    Friday, September 20, 2019 8:20 PM

All replies

  • Hello,
     
    Thanks for posting in TechNet.
     
    I'm afraid that there is not such a list. As you mentioned, Security Monthly Quality Rollup contains all new security fixes for that month (the same ones included in the security-only update released at the same time), plus non-security fixes from the latest Preview Rollup as well as fixes from all previous Monthly Rollups. Refer to the following link.
     
    https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Configuration-Manager-and-Simplified-Windows-Servicing-on-Down/ba-p/274056 
     
    Take KB4471320 as an example, we could consider that it contain all contents included in KB4471322 (new security fix for that month), KB4467695 (latest Preview Rollup) and KB4467697 (previous Monthly Rollups).
     
    Hope my answer could help you and look forward to your feedback.
     
    Best Regards,
    Ray
     


    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 20, 2019 10:28 AM
  • There aren't really separate patches because they don't publish separate patches at all. The update is a rollup of all previous fixes and they don't publish a comprehensive list of all fixes that are included.

    The KB for an update contains all of the information that they make available for a specific update.

    What exactly do you want to know?

    Ultimately, this question has nothing to do with ConfigMgr though and is best addressed in a forum specific to the question which would be a Windows forum as you are asking about Windows updates.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, September 20, 2019 2:22 PM
  • Thanks.

    The problem is because my compliancy department says that our dept laptops are not compliant for KB4471320 (Security Monthly Quality Rollup). But we dont deploy Security Monthly Quality Rollup updates mainly because it is normally huge in sizes.

    However, we only deploy Security Only Quality Update for that particular month, as in this case KB4471322, which can be consider part of KB4471320 (Security Monthly Quality Rollup)

    Friday, September 20, 2019 3:47 PM
  • 4471322 is not a "Security Only Quality Update", it is a "Security-Only Update" as it does not include quality, non-security-related fixes.

    4471320 is a monthly rollup that includes both security fixes as well as quality fixes.

    This is all described at https://blogs.technet.microsoft.com/configmgrdogs/2016/12/07/update-to-supersedence-behaviour-for-security-only-and-security-monthly-quality-rollup-updates/.

    Ultimately, you need to decide with your compliance department which is best for your organization.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Proposed as answer by Kannan CS Friday, September 20, 2019 7:35 PM
    • Marked as answer by Efa77 Wednesday, September 25, 2019 3:05 PM
    Friday, September 20, 2019 4:11 PM
  • Hello, 

    > The problem is because my compliancy department says that our dept laptops are not compliant for KB4471320 (Security Monthly Quality Rollup).

    This is as expected. When security only update is installed, the monthly rollup update is still applicable, which means the monthly rollup update is shown as needed in SCCM and WSUS. 

    So it's not an actual "problem", it's all about how you want your clients are patched, by periodically deploying security only updates or by deploying cumulative monthly rollup. 

    Best Regards, 

    Ray


    Please remembers to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Efa77 Wednesday, September 25, 2019 3:03 PM
    Friday, September 20, 2019 8:20 PM