yes sorry, my initial response was incorect, I’ve edited it to explain the actual reason why we do not supersed. Please look at the previous answer
KB5037425 is a mirror of KB5035855 with the additional fix for domain controllers added to the content.
How can you say that KB5037425 does not replace in its entirety KB5035855?
Hi,
I’m not saying it does not replace.
I’m saying that we do not supersed a security update fixlet with a non-security update., as documented in the BigFix documentation page.
KB5037425 does NOT have CVEs data assigned to it, while KB5035855 has.
Generally we try not to second-guess the Microsoft classifications for Category & Severity. That said, the Relevance should handle the case (for example deploying KB5037425 should make KB5035855 become non-Relevant).
In BigFix, ‘Supersedence’ is mostly used as a platform efficiency, so the client does not have to continue evaluating older content. As this supersedence also makes it difficult to tell “how far out of date” a given client is, we’ve kicked around the idea of not superseding fixlets (either for a few months, or ending supersedence entirely)
So…I’m really interested in hearing how you’re using supersedence, and why this is important for your use…
1 Like
What we are used to is each month, you mark the previous months cumulative content for 2016/19/22 by adding “(Superseded)” to the end of the original name and then the relevance for the new month is updated to reflect all of this.
The same won’t be happening (for example for 2016) with KB5037425 and KB5035855?
Yes that’s correct as it stands now