PROBLEM
When using Software Management, my vulnerabilities are failing to be installed and the patches are failing with Failed to install after two attempts.
OR
When using Software Management, my machine is not picking up any vulnerabilities, my machine returns 0 vulnerabilities.
CAUSE
Microsoft periodically updates the Servicing Stack on the Windows OS. A Servicing Stack Update (SSU) might be required to get past the issue. Without the SSU, the machine is not able to properly detect the necessary patches and/or unable to detect what may already be installed.
RESOLUTION
Microsoft maintains a list of Servicing Stack Updates (SSU) on this page. Find the correct Servicing Stack update for your specific version of Windows:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001
Windows needs the Servicing Stack Update to resolve the issue.
- Install the latest update manually or via an agent procedure (see May 25th Update).
- The update needs to be installed exclusively. *Note: The SSU KB does not require a reboot. If this update is deployed with other patches a reboot is forced.
- After the installation completes, attempt a new scan on the endpoint or attempts another deployment.
May 11th, 2021 - The following SSU have been added to the Software Management feed.
- 2021-04 Servicing Stack Update for Windows 10 Version 1809 for x86 -based Systems (KB5001407).pls
- 2021-04 Servicing Stack Update for Windows 10 Version 1809 x64 (KB5001407).pls
- 2021-04 Servicing Stack Update for Windows 10 Version 1909 for x86 -based Systems (KB5003155).pls
- 2021-04 Servicing Stack Update for Windows 10 Version 1909 x64 (KB5003155).pls
- 2021-04 Servicing Stack Update for Windows Server 2019 x64 (KB5001407).pls
-
2021-04 Servicing Stack Update for Windows Server 2012 R2 x64 (KB5001403).pls
-
2021-04 Servicing Stack Update for Windows Server 2016 x64 (KB5001402).pls
May 25th, 2021 - Attached is the Agent Procedure that should assist with the installation of the missing Service Stack Updates.
If you need assistance with importing an Agent Procedure, you can review this KB article: How Do I Import An Agent Procedure?
We have also attached a Powershell script if you prefer an alternative method of installation.
APPLIES TO
All Windows OS
REFERENCE
VSA-28451