Skip to content

Commit f7d7c9a

Browse files
joeloffgewarren
joeloff
and
gewarren
authored
WSUS, offline scans, supersedence & .NET (#46059)
* WSUS offline scans & .NET * Fix NOTE * Update docs/core/install/includes/microsoft-update.md Co-authored-by: Genevieve Warren <[email protected]> * Update docs/core/install/includes/microsoft-update.md Co-authored-by: Genevieve Warren <[email protected]> * Clarify offering 6.0.35 --------- Co-authored-by: Genevieve Warren <[email protected]>
1 parent 04f803e commit f7d7c9a

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

docs/core/install/includes/microsoft-update.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,3 +39,10 @@ Updates for server operating systems are supported by WSUS and Microsoft Update
3939
| .NET 6 | HKLM\SOFTWARE\Microsoft\\.NET\6.0 | AllowAUOnServerOS | REG_DWORD | 0x00000001 |
4040
| .NET 5 | HKLM\SOFTWARE\Microsoft\\.NET\5.0 | AllowAUOnServerOS | REG_DWORD | 0x00000001 |
4141
| .NET Core 3.1 | HKLM\SOFTWARE\Microsoft\\.NET\3.1 | AllowAUOnServerOS | REG_DWORD | 0x00000001 |
42+
43+
#### WSUS and update classifications
44+
45+
WSUS can be configured to provide specific updates based on their [classification](/troubleshoot/windows-client/installing-updates-features-roles/standard-terminology-software-updates). Updates for .NET are classified as either *security* or *critical*. If the latest update is classified as critical, an older *security* update might be offered when an older version of .NET is installed that's superseded by the latest security update. This also applies to using the offline CAB [(Wsusscan2.cab)](/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline?tabs=powershell) to scan a machine.
46+
47+
> [!NOTE]
48+
> In some cases, WSUS might report a missing update for a version that's older than the .NET version you installed. For example, imagine a user installs .NET 6.0.36, the latest release of .NET 6. This version is classified as a critical (non-security) update. Then an application installs an older version, 6.0.33. (It's not uncommon for applications to include specific versions of .NET as a prerequisite.) If an admin configured WSUS to only provide security updates, the next scan will report 6.0.35 as a missing update. Machines configured to receive *security* updates through AU or WSUS will be offered 6.0.35, even when 6.0.36 is installed. The reason for this is that 6.0.35 supersedes 6.0.33 and is the latest *security* update.

0 commit comments

Comments
 (0)