I have a Windows 2003 R2 SP2 server running TEM 8.2.1409.0, also my network is private with no access to the Internet so this is an air-gapped deployment. I’ve seen some errors on some machines when installing certain windows updates using my BigFix deployment. After reboot is performed, some actions seemed to fail. After that failing error, The console keeps showing up that those updates are still needed on that machine. I tried to re-apply the Updates again with no luck. If I try to install those same updates using standalone executables, they come back saying the updates are already installed. As example, I have a Windows 2003 machine that keeps being flagged with update KB2810071, KB2837593, and KB2850079. If those updates have been installed correctly, that means the issues I am having are related to the BigFix not able to sense that the updates have bee installed on that computer. Those same updates were installed correctly on another Win2k3 machine and obviously are not being flagged as needed on the second Win2k3 system
Any idea how to fix these kind of issues?
This behaviour is a bit frequent and I would like to find a solution besides ignoring or hiding the alert.
I have a similar issue with these updates in our 8.2.1409 site. I have a Windows 7 system which shows KB2878316 (MS14-023) in Windows Update; neither that update, nor any of the other MS14-023 variants, show as relevant in BigFix for that system.
Also, none of the other listed KBs show as applicable for this system.
We have just verified that KB2883052 has updated the same set of files (products) as KB2878316 in MS14-023. Since KB2883052 was released later, once you installed KB2883052, KB2878316 will not applicable and should not show relevant or required.
The behavior you have observed is expected though Microsoft does not say KB2883052 has superseded KB2878316.
We will publish the updates for MS14-023 so that the fixlets can reflect the applicability correctly.
My customer is required to install superseded MS patches as they currently are the only ones the vendor for that appliance has approved. I will recommend that they should contact that vendor but how can they install superseded patches that were once relevant and now are not? Second part is there a way to still deploy the patches that were not superseded when originally added to baseline but prior to action they are now superseded?