Overview of Windows KB Updates and Patch Deployment via Saner CVEM
Types of Windows KB Updates
Critical Update: A worldwide release addressing critical non-security issues within the operating system.
Definition Update: Enhances or modifies the definition database embedded within the Windows operating system.
Driver Updates: Affect the functionality of one or more device drivers.
Security Updates: Address OS security issues identified by external organizations. Microsoft issues patches globally and notifies users accordingly.
Feature Pack Updates: Modify specific OS features. Initially released to select users, positive feedback leads to their integration into the next major Windows release. Windows 10 typically receives two feature updates annually.
Monthly Rollup: Released every second Tuesday, consolidates all previous month's updates and adds malware definitions.
Patch Deployment via Saner CVEM
Once patches from the "Missing Patches" section are selected and applied, the Saner CVEM API interacts with the Windows Update API. This API connects to the respective repository configured on the device, either WSUS (Windows Server Update Services) or Windows Update, and attempts to download the necessary updates.
Windows Update Process:
Update Discovery: The Windows Update Orchestrator on the PC checks the Microsoft Update server or the WSUS endpoint at random intervals to prevent server overload. It searches for updates added since the last search, ensuring efficient update discovery.
Download Process: Once relevant updates are identified, the Windows Update Orchestrator automatically downloads them. This process runs in the background to ensure uninterrupted device usage.
Metadata and Arbiter Execution: When an update is applicable, the 'Arbiter' and metadata are downloaded. Once the download is complete, the Arbiter collects device details and compares them with the downloaded metadata to create an 'action list,' based on Windows Update settings.
Update Installation and Restart: If automatic update installation is enabled, the Windows Update Orchestrator typically initiates an automatic device restart post-installation. This enhances security and ensures full implementation of the update.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article