KB4053579 reporting as not relevant when it is. Relevance wrong?

ID: 405357903
Site: Patches for Windows
Source ID: KB4053579
Fixlet: MS17-DEC: Cumulative Update for Windows 10 Version 1607 - KB4053579 (x64)

I deployed this fixlet to our test group but many machines reported back as not relevant. This seemed odd as our machines get patches no other way.

All the machines reporting that it is not relevant show in the console as having OS Win10 10.0.14393.1884 (1607).

The machines that ran it and report as fixed are reporting as having Win10 10.0.14393.1944 (1607).

I downloaded the KB from Microsoft and ran it on a machine that reported it as not relevant. The machine completed the install and it now shows in the list of installed updates in Windows and it did not before.

Is it possible the relevance for this IBM-provided fixlet is wrong?

Thank You,

Daron

I’ve run the QnA debugger on a machine that reported back as not relevant and Relevance #8 on that fixlet is the one reporting back as false.

not exists key "Package_for_RollupFix~31bf3856ad364e35~amd64~~14393.1884.1.3" whose (value "CurrentState" of it as integer = 112) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" of native registry

That’s BigFix’s response to Microsoft’s change in servicing method. Microsoft provides both a “Cumulative Update” and a “Delta Update”. If you apply both to a machine without rebooting, it will likely bluescreen and fail to boot up (discussions here going back to April 2017).

Given that a machine should only install one or the other, but not both, to get to the same servicing level, the Fixlet logic is enforcing that if a client has the previous month’s rollup installed, it will be relevant only to the Delta update; if it does not have the previous month’s rollup installed, it will be relevant only to the Cumulative Update. You’ll need to include both fixlets in your baseline to ensure complete coverage.

In this case, KB4053579 is delivered in multiple fixlets; you should deploy all the relevant ones as needed:

405357901 MS17-DEC: Cumulative Update for Windows Server 2016 - Windows Server 2016 - KB4053579 (x64)
405357903 MS17-DEC: Cumulative Update for Windows 10 Version 1607 - Windows 10 Version 1607 - KB4053579 (x64)
405357905 MS17-DEC: Delta Update for Windows Server 2016 - Windows Server 2016 - Delta Update - KB4053579 (x64)
405357907 MS17-DEC: Delta Update for Windows 10 Version 1607 - Windows 10 Version 1607 - Delta Update - KB4053579 (x64)
405357909 MS17-DEC: Cumulative Update for Windows 10 Version 1607 - Windows 10 Version 1607 - KB4053579

…and your machines that look like a false-negative on 405357903 (Cumulative Win 10 1607 x64) should show Relevant for 405357907 (Delta Win10 1607 x64).
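
The registry test in Relevance #8 can be reproduced on an endpoint outside BigFix to confirm which of the two fixlets it should match. The PowerShell below is an added example, not part of the original posts or of the IBM fixlet; the function name Get-RollupPackageState is hypothetical, and it assumes the Delta fixlet keys on the same package name as the clause quoted above.

```powershell
# Added example: mirrors relevance clause #8 quoted in the thread.
$PackagesPath   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages'
$PreviousRollup = 'Package_for_RollupFix~31bf3856ad364e35~amd64~~14393.1884.1.3'  # from the thread
$InstalledState = 112   # CurrentState value the clause tests for

function Get-RollupPackageState {
    # Open the 64-bit view explicitly (the counterpart of "native registry" in
    # the relevance) so a 32-bit PowerShell host is not redirected.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry64)
    try {
        $packages = $hklm.OpenSubKey($PackagesPath)
        if ($null -eq $packages) { return }
        foreach ($name in $packages.GetSubKeyNames()) {
            if ($name -notlike 'Package_for_RollupFix~*') { continue }
            $sub = $packages.OpenSubKey($name)
            if ($null -eq $sub) { continue }
            [pscustomobject]@{
                Package      = $name
                CurrentState = [int]$sub.GetValue('CurrentState', -1)  # -1 = value missing
            }
            $sub.Close()
        }
        $packages.Close()
    }
    finally {
        $hklm.Dispose()
    }
}

# List every rollup package CBS knows about, with its state.
$rollups = @(Get-RollupPackageState)
$rollups | Sort-Object Package | Format-Table -AutoSize | Out-Host

# Same condition as the clause: key exists AND CurrentState = 112.
$hasPrevious = [bool]($rollups | Where-Object {
    $_.Package -eq $PreviousRollup -and $_.CurrentState -eq $InstalledState
})

if ($hasPrevious) {
    'Previous rollup installed: clause #8 is False, so 405357903 (Cumulative) is not relevant; expect 405357907 (Delta).'
} else {
    'Previous rollup not installed: clause #8 is True; 405357903 (Cumulative) is relevant if its other clauses also pass.'
}
```

The script checks only the one clause discussed in this thread; the fixlet's remaining relevance clauses (OS version, architecture and so on) are not evaluated.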