How do you find needed security updates?

  1. Posts : 37

    How do you find needed security updates?

    Let me give some context, first, so my question doesn't get a lot of inapplicable answers:

    We develop software that typically runs as an embedded application on Windows - so the OS is locked down, run in kiosk mode, all updates are curated and explicitly applied in-app (auto-update is absolutely disabled).

    When starting a new project, I want to be able to grab a baseline image that has many of the typical settings already configured and/or applied (GPO's, security template, power configuration, unwanted services disabled, etc.), install that, customize it, and then sysprep and capture.

    As part of this process, I'd like that baseline image to be something I can easily keep up to date on security updates and cumulative updates by using dism for offline package management. The dism part of the process is pretty clear cut (except for a couple of things), but there's one thing I can't figure out:

    How do I identify the new updates that are needed, given the current state of my Windows image file?

    The only way I currently know how to do that is:

    1. Install the current image.
    2. Enable update service and perform updates.
    3. Look at the update history to see what new updates were applied.
    4. Search for those by KB in the update catalog.

    Then I can download the .msu files and install them in the offline image.

    But there's gotta be a better way! I've tried searching the update catalog, but it doesn't seem to return things you would expect.

    For example, one of the packages I found using the process above is a security update for KB5012170. I decided to see if I could find a systematic approach to searching the catalog that would have given me that same update. So I searched the catalog for "windows 10 security update". Even though the name of this update (when searched by KB#) is "2022-08 Security Update for Windows 10...", those search terms do not find that update.

    I'm pretty solid (I think) finding the cumulative updates for Windows 10 and for .NET Framework, but how does one find the security updates that aren't included in the cumulative updates?

    Thanks for any help/insights!
      My Computer

  2. Posts : 6,657
    Windows 11 Pro - Windows 7 HP - Lubuntu

    The updates needed depends on the Win 10 build version. As there are so many build version it won't be easy to filter the needed updates on the Catalog.
      My Computers

  3. Posts : 37
    Thread Starter

    Yes, I've noticed that, too, @Megahertz.

    I've done some more searching/reading (like looking at the Security Update Guide). It looks like the security update in my particular example would have been included in the next cumulative update, released in September 2022 (the update looks like it was August 2022). Is that right?

    But if so, why would it be shown as a separate update in the Settings->Security & Updates->View update history when I had the Jan 2023 cumulative update installed?

    This stuff is so confusing...
      My Computer

  4. Posts : 6,657
    Windows 11 Pro - Windows 7 HP - Lubuntu

    A newer update can be installed to replace an old one. You just need the recent one but if you do a clean install it may install the old one first and then the new one. M$ doesn't replace the old one with the new one on the catalog.
      My Computers


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 05:49.
Find Us

Windows 10 Forums