Block a specific windows update

Question

Hi everyone,&nbsp;We started using Intune in the past month and a half. Both with SCCM co-managed computers and Intune only enrolled computers.On June 9th, Microsoft published&nbsp;kb4560960 which has known issues with the print spooler. Microsoft then superseded this update with&nbsp;KB4567512.Here is the problem: My deployment ring is scheduled to deploy any deployed update 3 weeks after it is generally available. This means, if Microsoft decides to pull the update back because of a fault in the update I can be happy because the issue was taken care of in those 3 weeks. But in this case, Microsoft didn't pull the update, I was affected by the bug in kb4560960 and was required to manually install&nbsp;KB4567512 to fix this.For me this is bad management because I can't control this in anyway and it also means that any screwed up updates&nbsp; that will be published can potentially ruin my computer because I was stop this in any way... Even if I pause the ring I will still have to deal with this after I resume it...Am I right or am I missing something?&nbsp;Thanks, Rahamim.

moe_kinani · Answer

Hi RahamimL,You are correct. You can’t block or delete specific update by KB number, but you uninstall quality, feature etc.https://docs.microsoft.com/en-us/mem/intune/protect/windows-update-for-business-configure#uninstallHope this helps and good luck!Moe

matthias_hei · Answer

RahamimL&nbsp;you could temporarily change your deferral settings when the fixed patch is out and change it back to when this is installed.

rahamiml · Answer

I spoke to our advisor and he says that pausing the ring and resuming it will cause the superseded update not to be installed.He didn't test this though.Rahamim

Forum Discussion

Block a specific windows update

Share

Resources