Blog Post

Windows IT Pro Blog
3 MIN READ

Simplified deployment of Windows servicing stack updates: what's new

AriaUpdated's avatar
AriaUpdated
Icon for Microsoft rankMicrosoft
Aug 10, 2021

We learn a tremendous amount from your feedback and I'm excited to announce that we are now extending combined cumulative update capabilities to more versions of Windows!

Servicing stack updates (SSUs) provide fixes to the servicing stack, the component that installs Windows updates. Last September, we announced that we were working to simplify the on-premises deployment of servicing stack updates. We shared a plan to ease the efforts of IT administrators by providing a single monthly update containing both the latest cumulative update (LCU) fixes as well as the latest SSU, if applicable. This single update package can be installed on a device to ensure that updates are applied in the correct order, thus reducing the chances of installation failures.

Based on learnings from your comments and suggestions, we are improving this capability. Let's take a closer look!

Expanding capabilities to more versions of Windows

We are thrilled to announce that combined cumulative update deployment capabilities are coming to Windows 10, version 1809, Windows Server 2019, and Windows 10, version 1909. Beginning today, you can leverage the Windows Insider Pre-release Category in Windows Server Update Services (WSUS) to deploy the August 2021 monthly quality update and SSU together as a single package to devices running these versions.

More detailed instructions on how to leverage the Windows Insider Pre-release update to deploy these combined packages can be found in our previous post. Deploy Windows SSUs and LCUs together with one cumulative update.

Note: Devices running Windows 10, version 1809 will first need the July 20, 2021 Servicing Stack Update (KB5004424) or later in order to leverage this new capability. Devices running Windows 10, version 1909 will first need the June 15, 2021 Servicing Stack Update (KB5003974) or later.

Dependencies on SSUs and rare exceptions

When we released the first combined Windows cumulative update package, we simultaneously introduced a prerequisite on the September 2020, or later, SSU. This SSU contained the changes that were needed to make devices compatible with the combined cumulative update package, enabling the servicing stack to:

  • Expand the contents of this package.
  • Orchestrate the install of a new SSU.
  • Proceed with installing an LCU using the updated version of servicing stack.

Normally, updates to the servicing stack improve reliability or address a vulnerability in the update process for the LCU, and they are effective immediately for the installation of the LCU packaged inside the combined update package type that carries the SSU. In rare cases, especially as we enhance this capability, there can be breaking changes in the interface between the servicing stack and the combined update package format. In these circumstances, an SSU that makes the servicing stack compatible with the new interface must be deployed prior to the combined (LCU + SSU) update.

Such a change occurred with the May 11, 2021 SSU which is included in the May 2021 Windows 10 monthly quality update (KB5003173) for Windows 10. Here we enhanced bootstrapping capability of servicing stack for offline servicing of the OS image. This introduced a dependency on a new interface, hence the June 2021 monthly quality update (KB5003637) included a prerequisite. While this had little to no impact on most organizations who regularly leverage monthly updates, or any impact on those who connect their devices directly to Windows Update, some organizations were negatively affected by this prerequisite. Therefore, today we are releasing a standalone SSU (KB5005260) that can be applied to Windows 10 devices that have not yet installed the May 2021 monthly quality update.

Going forward, we will strive to minimize any changes that require an SSU as a prerequisite, but if such a change occurs, we will make a standalone SSU available in addition to the combined monthly update to ensure easy manageability.

Please continue to share your thoughts

Thank you for your continued enthusiasm and feedback on making our improved servicing capabilities the best they can be. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro and @ariaupdated on Twitter, or visit the Windows Tech Community for more information.

 

Updated Aug 11, 2021
Version 4.0
  • Malte's avatar
    Malte
    Brass Contributor

    Hi  MSAPic 

    just to highlight: We are not affected by the issue that we have clients older than 05-2021 so they could not patch. (which should be fixed by latest SSU)
    We have several client which already have 05-2021 / 06-2021 or 07-2021 patch level and do not patch to 08-2021.  (or in the month before 06>07-2021)
    All these affected clients show the effect as also other reported, they seems to patch the LCU but too fast and do not want to reboot.
    Even if you manually reboot. The OS versions stays old, so systems are still unpatched. 
    Unfortunally, disabling expess updates on our WSUS seems not to have any effect to this issue.

  • Malte's avatar
    Malte
    Brass Contributor

    Dear MSAPic 
    we have similar issue. Even with the cumulative patches of 2-3 month before. Why you point to express update? Does it work correctly when this option is disabled?

  • Malte's avatar
    Malte
    Brass Contributor

    a seperated WSUS Category for SSU would be usefull, so you could e.g autogrant SSUs while you be able to grant LCUs manually, or vice versa, you can exclude SSU from sync if you do not need due you patch all sys monthly and do not like to be spoiled by SSU enties in WSUS

  • abbodi1406's avatar
    abbodi1406
    Steel Contributor

    Hello AriaUpdated ,

     

    i would like to report and issue with SSU-19041.1145 and SSU-19041.1161

    both are not compatible for offline servcing (update) 1904x images on downlevel Host OS (Windows 10 1809 or earlier)

    it only work when Host OS is Windows 10 2004 or later

    Failed to create offline session from servicing stack at F:\Mount\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1161_none_2211db1ec415c341 - CDISMPackageManager::CreateCbsSession(hr:0x80004001)

     

    the last one to works well on downlevel Host OS is SSU-19041.1081
    it's actually still works well to install 2021-08 LCU into 1904x install.wim

     

    all SSU for Windows 11 (22000) and Server 2022 (20348) work fine too

  • MSAPic's avatar
    MSAPic
    Copper Contributor

    Hello AriaUpdated ,

     

    It seems this feature doesn't work properly when Express Update is enabled in WSUS.

    Scenario to reproduce the bug :

    • PC : Windows 10 20H2 with the last standalone SSU installed by WSUS KB5005260
    • Reboot the PC
    • Assign in WSUS the CU KB5005033 to the PC

     

    During the scan WSUS detected the KB5005033, it was downloaded and "installed very quickly".

    No user notification for the reboot and the update build revision (UBR) is not changed !
    I think the KB is not installed.

    Thank for your support and feedback.


  • That is really good news and will probably decrease the SSU nightmare tons of my customers are facing

  • Maniimi's avatar
    Maniimi
    Copper Contributor

    Devices running Windows 10, version 1909 will first need the June 15, 2021 cumulative update for .NET Framework 3.5 and 4.8 (KB5003974) or later.

    It seems that KB5003974 is June "Servicing Stack Update".

    Thank you.

  • Reza_Ameri's avatar
    Reza_Ameri
    Silver Contributor

    Thank you for sharing and that would be great , we need to test it and see how it goes. 

    However, it make our jobs much easier.

  • JCStorbeck's avatar
    JCStorbeck
    Copper Contributor

    When can we expect to see server 2019 SSU CU integration for Non-Insiders?  

     

    Thank you!