[German]There are issues with the installation of the security updates from June 2021 in Windows 10, because the patches cannot be installed. I had already addressed this some time ago after readers' comments in the blog. Coincidentally, this week I came across Microsoft confirming this issue with ConfigMgr (SCCM).
The SSU issue in Windows 10
Administrators of Windows 10 version 2004, 20H2 as well as 21H1 who selectively install cumulative updates need to pay attention and follow the installation requirements. The prerequisite for installing the June 2021 updates is an installed update KB5003173 dated May 11, 2021.
This is related to the fact that Microsoft has integrated the Servicing Stack Updates (SSU) for Windows 10 version 2004, 20H2 as well as 21H1 into the Latest Cumulative Update (LCU). The LCU is supposed to be cumulative, but if an SSU is missing, the installation of the cumulative update goes awry. I had already pointed this out in the blog post Windows 10 SSU: Hurdles, bugs and new version KB5003974 (June 15, 2021). Quote from the article:
This means that all WSUS / ConfigMgr admins must be careful that the May update does not expire or declined. Otherwise a computer will be unpatchable in the future, if MSFT does not fix this bug and includes EVERYTHING in a future update.
This is of course a stupid trap in managed environments. The update can be downloaded manually and distributed by other means in case of need.
Microsoft confirms the issue
I came across the following tweet on Twitter this week. In the Techcommunity post Known Issue: The June 2021 Windows 10 security update is reported as not applicable from June 22, 2021, Microsoft addresses exactly the above issue.
In the Techcommunity post, Microsoft confirms that issue that the old May 2021 updates, which are actually still needed, are marked as "expired" in the management environments like WSUS or SCCM. Microsoft makes the following suggestions for the scenarios that the May 2021 update is not yet, or already, marked as expired:
- The May 2021 Windows 10 Security Update is not yet expired: To prevent the May 2021 security update from being marked as expired before all your devices are updated, ensure that the supersedence rule's "Months to wait before a superseded software update is expired" setting is set to the default of 3 months, or to an interval long enough to get the update installed on all required devices.
- The May 2021 Windows 10 Security Update has already been expired: If you still need to deploy the May 2021 security update and it has been marked as expired, follow the directions in Supersedence and Expired Software Updates to recover an expired update.
If needed, you can read Microsoft's explanations in detail in the Techcommunity post.
Cookies helps to fund this blog: Cookie settings