Issue
The monthly Cumulative Update for Windows did not install during the scheduled patch policy. Other updates may have been installed, but the Cumulative Update (CU) was missed.
Environment
- Microsoft Windows Server 2019 or below
Cause
The Cumulative Update for Windows patches requires that the latest Servicing Stack Update (SSU) be installed as a prerequisite.
Newer Windows Server versions include the SSU code in the monthly Cumulative Update patches. The requirement to install SSUs is only necessary on Server 2019 and earlier versions.
Windows Update will not show the monthly CU patch as applicable until the latest SSU is installed. This will happen if you are patching with Automox or manually with Windows Update.
Recommendation
Automox recommends creating a policy that installs the Servicing Stack Updates before the primary monthly Windows patching policy runs. This will ensure that the prerequisite patch is installed, which will ensure the main patching policy installs the monthly Cumulative Update.
This policy can be scheduled to run earlier in the day, prior to the policy that targets the Cumulative Updates.
Note: Installing an SSU does not require a reboot, and the device will not flag as pending restart.
Automox has created a template policy that specifically targets the Servicing Stack Updates: Windows - Servicing Stack Updates