Forum Discussion
Outdated patches being flagged out by offline WSUS scan
Hi all, I currently have a Win 2008 R2 server on my environment.
As it is a isolated environment with no internet access, I have been patching the server manually through WSUS export/import process.
I understand that it has already been declared end of life by Microsoft early this year.
So to completely declare my server is free from any further updates, I ran the offline scan (Scan-UpdatesOffline.ps1), the script flags out that I am missing these 2017 patches although I have the Jan 2020 security updates installed.
Tried to install them manually but the installation keeps failing.
Is there any way to know safe to ignore them as a false positive so I can let my higher-ups know?
And does the CVE that comes with them are fixed from the Jan 2020 security updates?
Thank you
3 Replies
- Why do think they are outdated?
unless you installed the big Rollup KB3125574, all those updates are still applicableFirstly, thanks for the reply.
I think its outdated because I already has the latest 2020 updates installed on my machine.
KB3125574 was installed on my machine, so the updates are no longer applicable?
May I know where do you get this information from?
Can you share it with me?
WaynerH Windows 7 / S2008 R2 still require updates that goes back to 2012
yes, KB3125574 replace them all on the contained components level (verified myself)
unfortunately, Microsoft have/had a rule rgarding metadata supersedence: optional or quality updates do not replace security updates
that's why you don't see in MU catalog that KB3125574 replace
i cannot provide you with a solid evidence of this
however, KB3125574 actually live-up to the info mentioed in its KB article
https://support.microsoft.com/en-us/help/3125574
meaning, it does replace all post SP1 updates, except the hotfixes listed explicitly (IE updates are exempted of course)
