Microsoft says that these critical servicing stack updates (SSUs) address "an issue in which the Secure Boot revocation list (DBX) is not applied when the Secure Boot allow list (DB) update is empty."
Servicing Stack Updates (SSUs) for Windows (Oct. 2019)
Servicing stack updates contain "the 'component-based servicing stack' (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components," as stated by Microsoft in the Windows IT Pro Center.
We strongly recommend you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). Installing servicing stack updates (SSU) makes sure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft security fixes.
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) makes sure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
I have recently setup two new VMs running on Windows 2016 Datacenter Version 1607. I am able to grab patches successfully from my WSUS server, however, the installation for CU KB4519998 showed as 'Failed to install on 10/16/2019' under Windows Update -> Update history. When I tried to manually install the KB4519998, it said this patch has already been installed. True enough, the KB showed up under Programs and Features > View Installed Updates. So can I safety assumed that installation is successful? I have read up on the KB and I only found the below requirement. "Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. "
What's a servicing stack update, do I hear you ask? Thought so, as it's not exactly a high profile Windows 10 component and rarely gets a mention even on tech sites. Microsoft describes an SSU as being an update that fixes problems with the component that installs Windows updates.
The SSU needs to be kept up to date as it's integral to improving the reliability of the Windows 10 update process, something we all want to see. Microsoft says that it helps "mitigate potential issues while installing the latest quality updates and feature updates." Perhaps even more importantly, if you don't keep up to date with the SSU releases, then there's a chance that your device won't be able to properly install the latest security updates. The servicing stack updates don't appear every month; rather, they are issued as and when circumstances demand it. One thing remains constant though: SSU's are classified as critical security updates.
- Support removed for Windows 7 and Server 2008(R2) since Microsoft discontinued support for it on January 14th, 2020- Support removed for Microsoft Security Essentials, Windows 7 Defender, Service Packs, Remote Desktop Client and Silverlight (download switches /includemsse and /excludesp, update switches /instmsse, /instmssl and /updatetsc)- Support removed for Windows 10 version 1703 since Microsoft discontinued support for it on October 8th, 2019- Split Windows 10 download into version specific parts- Included complete rewrite of the Linux scripts version 1.19 (Special thanks to H. Buhrmester)- March 2020 updates added to 'security only' lists for Windows 8.1 and Server 2012 / 2012 R2 (x86/x64) systems- Included improved XSLT filter for the determination of dynamic Office updates by Product Id rather than ProductFamily Id (Special thanks to H. Buhrmester)- Replaced superseded November 2019 Servicing stack update (kb4523200) by March 2020 Servicing stack update (kb4540721) for Windows 10 Version 1507 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4520724) by March 2020 Servicing stack update (kb4540723) for Windows 10 Version 1607 and Windows Server 2016 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4523202) by March 2020 Servicing stack update (kb4541731) for Windows 10 Version 1709 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4523203) by March 2020 Servicing stack update (kb4540724) for Windows 10 Version 1803 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4523204) by March 2020 Servicing stack update (kb4539571) for Windows 10 Version 1809 and Windows Server 2019 (Thanks to "aker")- Replaced superseded February 2020 Servicing stack update (kb4538674) by March 2020 Servicing stack update (kb4541338) for Windows 10 Version 1903 and 1909 (Thanks to "aker")- Fix: Invalid --no-check-certificate option for Aria2 download utility (Thanks to "negg", "Dalai", "hbuhrmester" and "Gerby")- Fix: Wget utility didn't any longer download root certificates properly due to user agent aware responses from microsoft.com (Thanks to "aker")- Fix: Adjusted installation sequence to have root certificate packages installed before all all others (Thanks to "aker")
- Included complete rewrite of the Linux scripts version 1.19 (Special thanks to H. Buhrmester)- March 2020 updates added to 'security only' lists for Windows 8.1 and Server 2012 / 2012 R2 (x86/x64) systems- Included improved XSLT filter for the determination of dynamic Office updates by Product Id rather than ProductFamily Id (Special thanks to H. Buhrmester)- Replaced superseded November 2019 Servicing stack update (kb4523200) by March 2020 Servicing stack update (kb4540721) for Windows 10 Version 1507 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4520724) by March 2020 Servicing stack update (kb4540723) for Windows 10 Version 1607 and Windows Server 2016 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4523201) by March 2020 Servicing stack update (kb4540722) for Windows 10 Version 1703 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4523202) by March 2020 Servicing stack update (kb4541731) for Windows 10 Version 1709 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4523203) by March 2020 Servicing stack update (kb4540724) for Windows 10 Version 1803 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4523204) by March 2020 Servicing stack update (kb4539571) for Windows 10 Version 1809 and Windows Server 2019 (Thanks to "aker")- Replaced superseded February 2020 Servicing stack update (kb4538674) by March 2020 Servicing stack update (kb4541338) for Windows 10 Version 1903 and 1909 (Thanks to "aker")- Fix: Invalid --no-check-certificate option for Aria2 download utility (Thanks to "negg", "Dalai", "hbuhrmester" and "Gerby")- Fix: Wget utility didn't any longer download root certificates properly due to user agent aware responses from microsoft.com (Thanks to "aker")- Fix: Adjusted installation sequence to have root certificate packages installed before all all others (Thanks to "aker")
- NOTE: This version will be the last one supporting Windows 7 and Server 2008 (R2)- Included complete rewrite of the Linux scripts version 1.17 (Special thanks to H. Buhrmester)- Included new method for the determination of dynamic Office updates for DownloadUpdates.cmd (Special thanks to H. Buhrmester)- December 2019 updates added to 'security only' lists for Windows 7 / 8.1 and Server 2008 R2 / 2012 / 2012 R2 (x86/x64) systems- January 2020 updates added to 'security only' lists for Windows 7 / 8.1 and Server 2008 R2 / 2012 / 2012 R2 (x86/x64) systems- February 2020 updates added to 'security only' lists for Windows 8.1 and Server 2012 / 2012 R2 (x86/x64) systems- Integrated .NET Frameworks' January 2020 Security Only Updates and Quality Rollups- C++ 2019 Redistributable Runtime Libraries updated to v. 14.24.28127.4 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4526478) by February 2020 Servicing Stack Update (kb4537830) for Windows Server 2008 SP2 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4523206) by February 2020 Servicing Stack Update (kb4537829) for Windows 7 (x86/x64) and Server 2008 R2 (Thanks to "aker")- Replaced superseded November 2019 Servicing Stack Update (kb4523208) by December 2019 Servicing Stack Update (kb4532920) for Windows Server 2012 (Thanks to "aker")- Replaced superseded November 2019 Servicing stack update (kb4524569) by February 2020 Servicing stack update (kb4538674) for Windows 10 Version 1903 (Thanks to "aker")- Removed utility pciclearstalecache from static installation definitions for Windows 7 (x86/x64) and Windows Server 2008 R2 (Thanks to "janicholson")- Fix: Download part missed several and didn't properly exclude other Windows 10 updates due to new URLs (Thanks to H. Buhrmester)- Fix: Deletions of unsigned files were not logged properly in DownloadUpdates.cmd (Thanks to H. Buhrmester)- Fix: Added July 2016 Servicing stack updates (kb3173426/kb3173424) to scan prerequisites for Windows 8.1 / Server 2012(R2) to avoid endless update loops (Thanks to "aker")- Fix: Wget utility refused to download from download.wsusoffline.net and others due to certificate verification failures under Windows 10 / Server 2016/2019 (Thanks to J. Noller)- Fix: Wget utility didn't any longer follow HTTP redirections in download URLs for Windows Defender and Microsoft Security Essentials signature files due to user agent aware responses from microsoft.com (Thanks to "Dalai") 2ff7e9595c
Comments