Forum Discussion
Understanding Window Server Updates and Cumulative Updates
Hello!
Can someone please help me better understand how Windows updates and cumulative updates work? And, help me understand how to prove an update has been installed?
Our company recently underwent a third-party security risk assessment which found a CVE-2024-38193 vulnerability for one of our WS2019 Std. servers (current OS build: 17763.6414).
When I look up that vulnerability here [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193] and search for WS2019 in the "Server Updates" section, it shows the appropriate update/patch as KB5041578.
However, that update does not appear when I view the update history in Windows Update on the server. Nor does it show up if I use cmd/PS to list installed updates.
I don't know much about how the Windows Update system works, but I assume the update/patch I'm interested in gets included in the next cumulative update. I can't seem to find anything that can confirm the assumption.
The table on this page [https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info] shows the KB value I referenced, as well as the OS build we're running.
Is it safe to assume the updates included in KB5041578 are included in build 17763.6414 or a cumulative update that was released after 2024-08-13? If so, can someone point me to documentation indicating so? I'd like to be able to show the appropriate update has been installed to mitigate the vulnerability identified.
Thank you!
2 Replies
1. Windows Updates vs. Cumulative Updates
- Windows Updates: These include both security and non-security updates, typically delivered through Windows Update or WSUS. They may be individual fixes for issues, including driver updates, performance improvements, or critical updates.
- Cumulative Updates: Starting with Windows 10 and Windows Server 2016, Microsoft adopted a model of cumulative updates. This means that each monthly update (Patch Tuesday) includes all previous fixes and improvements for the OS, including security patches. In other words, you don't need to install previous updates if you install the most recent cumulative update, as it includes everything from earlier updates.
For example:
- A Cumulative Update (CU) in August might include the fixes for vulnerabilities from earlier months, plus new fixes released in that same month.
- Security-only updates (which are available for certain versions) only include security patches and are released in addition to the cumulative updates.
In your case, the update KB5041578 that addresses CVE-2024-38193 is likely part of a cumulative update package. That means it might not show up as a standalone update if you've already installed the cumulative update that includes it.
2. How Cumulative Updates are Packaged
Each cumulative update contains all of the patches released previously for that version of Windows Server. So, if your server is running build 17763.6414 (a Windows Server 2019 build), then the update you're looking for (KB5041578) could already be included in a subsequent cumulative update.
- Windows Update History: If you don't see KB5041578 listed, it could be that it is embedded in a cumulative update package, and it isn't listed separately in the update history.
- Installed Updates via PowerShell or CMD: Similarly, running commands like wmic qfe list or Get-HotFix may not list cumulative updates separately unless you filter specifically for the KB number.
3. Finding Which Update Was Installed
If you want to check whether a specific update, such as KB5041578, has been installed, follow these steps:
Method 1: Using PowerShell
You can list all installed updates and filter by the KB number:
Get-HotFix | Where-Object { $_.HotFixID -eq "KB5041578" }
Method 2: Using Command Prompt (WMIC)
To list all installed updates:
wmic qfe list full
Then search for the relevant KB number in the list.
Method 3: Checking the Update History
The update history can be accessed via:
- Settings > Update & Security > Windows Update > View update history
- You can also check Control Panel > Programs > View installed updates to find installed updates, but cumulative updates might not be listed individually.
4. Verify if a Cumulative Update Includes the Patch
To ensure that KB5041578 (which addresses CVE-2024-38193) is included, you'll need to check which Cumulative Update includes this specific fix.
You can do this by searching the Microsoft Security Update Guide or release notes for Windows Server 2019 for each cumulative update after August 2024 (when KB5041578 was released). Here's the process:
- Visit Windows Server Update History and identify the Cumulative Updates released after August 2024.
- For example, if you see a Cumulative Update released in September 2024, check the release notes to confirm if it includes KB5041578.
Conclusion
- Yes, it's safe to assume that the update related to CVE-2024-38193 (KB5041578) is likely included in a later Cumulative Update for Windows Server 2019, especially if the update doesn't show up separately in your update history.
- To prove the update has been installed, you can check the update history, use PowerShell commands to list installed updates, or verify the presence of the fix by looking for the cumulative update released after August 2024.
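The following PowerShell script is an added example, not code from the original thread, that puts the three checks discussed in the answer into one report: the Get-HotFix listing, the Windows Update history (read through the Windows Update Agent COM API, which is the same data the Settings page shows), and the installed OS build compared against the build that shipped the KB. The KB-to-build mapping is not on this page; the script therefore takes the required build as a mandatory parameter, which the reader fills in from the Windows Server release-information table linked in the question. Function and parameter names are the example's own.

```powershell
# Added example (not from the original thread): verify that a given KB, or a
# later cumulative update that supersedes it, is present on a Windows Server host.
# Run in an elevated PowerShell session on the server being assessed.
#
# Assumption: the caller supplies the build that shipped the KB (for WS2019 the
# number after "17763.") from the release-information table; it is not hard-coded
# here because the page does not state it.

param(
    [string]$Kb = 'KB5041578',
    [int]$RequiredBuild = 17763,
    # UBR (the part after the dot) listed beside $Kb in the release table.
    [Parameter(Mandatory = $true)][int]$RequiredUbr
)

function Get-CurrentOsBuild {
    # CurrentBuildNumber and UBR together form the "OS build" shown by winver,
    # e.g. 17763.6414 for the server in the question.
    $key = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Build = [int]$key.CurrentBuildNumber
        Ubr   = [int]$key.UBR
        Full  = "$($key.CurrentBuildNumber).$($key.UBR)"
    }
}

function Test-KbInstalled {
    param([string]$KbId)
    # Get-HotFix reads Win32_QuickFixEngineering. The KB number is in HotFixID;
    # Description only holds a generic string such as "Security Update".
    [bool](Get-HotFix | Where-Object { $_.HotFixID -eq $KbId })
}

function Get-UpdateHistoryEntry {
    param([string]$KbId)
    # The Windows Update Agent COM API exposes the history behind
    # Settings > Update & Security > Windows Update > View update history.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $count    = $searcher.GetTotalHistoryCount()
    if ($count -eq 0) { return $null }
    $searcher.QueryHistory(0, $count) |
        Where-Object { $_.Title -match "\b$KbId\b" } |
        Sort-Object Date -Descending |
        Select-Object -First 1 Title, Date, ResultCode   # ResultCode 2 = succeeded
}

function Test-BuildMeetsBaseline {
    param([int]$Build, [int]$Ubr, [int]$MinBuild, [int]$MinUbr)
    # Monthly updates are cumulative: an installed build equal to or newer than
    # the build that shipped the KB contains that KB's fixes even if the KB
    # itself never appears by name in the update history.
    ($Build -gt $MinBuild) -or ($Build -eq $MinBuild -and $Ubr -ge $MinUbr)
}

$os      = Get-CurrentOsBuild
$history = Get-UpdateHistoryEntry -KbId $Kb

[pscustomobject][ordered]@{
    Host              = $env:COMPUTERNAME
    OsBuild           = $os.Full
    KbListedByHotFix  = Test-KbInstalled -KbId $Kb
    KbInUpdateHistory = [bool]$history
    KbHistoryResult   = if ($history) { $history.ResultCode } else { $null }
    BuildAtOrAboveKb  = Test-BuildMeetsBaseline -Build $os.Build -Ubr $os.Ubr `
                            -MinBuild $RequiredBuild -MinUbr $RequiredUbr
} | Format-List
```

For evidence to hand to an assessor, the BuildAtOrAboveKb line is the one that matters: a later cumulative update replaces the August package, so the KB name may be absent from both Get-HotFix and the history while the build number still proves the fix is present. Save the output together with the release-information table row that ties the required build to the KB.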