Relevance Issue (MS22-AUG: Security Update for Windows 10 Version 1809 - Windows 10 1809 LTSC - KB5012170 (x64))

We are currently having an issue with KB5012170: Security update for Secure Boot DBX. There are two release dates for this patch, Aug 2022 and April 2023. I don’t know why this KB is just now showing up as relevant and at first we only had less than 15 systems that needed to be patched. Now we have around 125 and growing.

When the fixlet is pushed from BigFix it will fail, be not relevant or install and report as fixed and report as compliant in PBI. On install/fixed it will then revert back to relevant and report as non-compliant in PowerBI.
We get the same results when manually downloading and running the install.

The most interesting part here is that some of these say, like, 1903 and later but not 1809 and later, nor is there a ref to LTSC. There is, however, 1809 and LTSB, which, if I’m not wrong, was pre-1607 even, being Windows 10 Enterprise LTSB (Long-Term Servicing Branch).

There are currently 4 releases of LTSC: one in 2015 (version 1507), one in 2016 (version 1607), one in 2018 (labeled as 2019, version 1809), and one in 2021 (version 21H2).


The interesting thing about this KB is that when you go look at the MS catalog, it references 1809 + LTSB, which is pre-1809 and not LTSC.

On 21H2 systems we found that updating the BIOS and then upgrading to 22H2 would correct the issue. We currently have 111 Windows 10 LTSC (1809) systems that need this patch but cannot be taken to 22H2. Applying the BIOS update does not always work on these systems and in one case it caused the PC to not boot afterwards without adjustments in the BIOS after the upgrade. We can’t risk breaking a PC with BIOS updates and it would also be quite a project to have our techs go hands on for all these systems.

Either MS messed up the MSU and it really does not work on LTSC at all, as it appears from the catalog to key off of LTSB, or perhaps something is wrong with the relevance?

Or the BIOS update and a secure boot key reset is really needed?

Either way, these patches seem to fail every time on any LTSC system we try, even after a BIOS update, as we tried this and yet in our BigFix those systems are still showing relevant and the patch never applies.

Were you able to find anything on this? We are experiencing a similar issue in our environment too. The applicable count keeps on increasing, but the deployment, even if completed, still shows applicable.

This happened last month also, wherein we did not see any update from BigFix. Not sure why such relevance is being changed without proper notification.