Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server Update Services
On this Web page you will find information about updates in the context of Windows Server Update Services (WSUS).
What Is an Update?
An update provides replacement files for software that is installed on a computer. Every update that is available on Microsoft Update is composed of two components.
Metadata provides information about the update. For example, metadata supplies information for the properties of an update, including what product and platform to which the update is applicable, whether it is a new or revised update, and what languages you want to download. Metadata also includes Microsoft Software License Terms. The metadata package downloaded for an update is typically much smaller than the actual update file package.
Update files are the actual update binary files installed on a computer.
When updates are synchronized to your WSUS server, the metadata and update files are stored in two separate locations. Metadata is stored in the WSUS database. Update files can be stored either on your WSUS server or on Microsoft Update servers, depending on how you have configured content storage options through the WSUS console.
For more information about your options for storing updates with WSUS, see Deploying Microsoft Windows Server Update Services.
Update Products and Classifications
Updates are made available by product. For each product, updates are differentiated by classification.
A product is a specific edition of an operating system or application (for example Windows Server 2003, Datacenter Edition). A product family is the base operating system or application from which the products are derived. An example of a product family is Microsoft Windows, of which Windows Server 2003, Datacenter Edition, is a member.
The update classification represents the type of update. For any given product or product family, updates could be available among multiple classifications (for example, Windows XP family critical updates and security updates). For definitions of update classifications, see Description of the standard terminology that is used to describe Microsoft software updates.
WSUS only supports updating products by computer, not by user.
Updates Available by Product
- For information about products currently supported by WSUS as well as classifications available and known issues for updates of each product, see Products Supported by WSUS.
How WSUS Works with Microsoft Update
If you are using WSUS, you configure synchronization options—for example, products, update classifications, and languages—through the WSUS console, and do not go directly to Microsoft Update. WSUS connects directly to Microsoft Update to get both the update metadata and the update files as specified by the content storage options you configure through the WSUS console.
You manage all synchronized updates on the WSUS console. The Update News section on the Windows Server Update Services page on TechNet provides links to a list of Windows and non-Windows updates to make it easier for you to see recently published new, revised, or rereleased updates. This can help you determine which updates to include in your WSUS update synchronizations.
Update Revisions and Update Rereleases
An update revision is a version of an update that contains changes since it was last published. For example, the change might be an updated EULA, UI text, applicability rules for computers, modified language support, or changes to the actual update files.
If you configure your WSUS server to automatically approve new revisions of an update, you will ensure that the latest version of a previously approved update will be available for your client computers when they contact the WSUS server.
If you prefer to validate all revised updates, you must approve the latest revision manually. This approach might be an option to consider in the following scenarios:
If there is a binary file change in an update revision release, and you want to test the update before automatically installing it on your client computers.
If the revised update has changes that would apply only to specific computers in your network. For example, a revised update might fix an issue in Microsoft Windows 2003 operating systems, but does not impact computers running Windows 2000 operating systems, and you have both Windows 2000 and Windows 2003 operating systems in your network.
An update rerelease is a replacement for an update that has expired.
If you have installed an update and it is either revised or rereleased, read the Description and Deployment Information columns associated with the update on the WSUS TechNet page, and read the Description of the standard terminology that is used to describe Microsoft software updates to help determine if you need to perform any action for the update associated with the update's revision or rerelease publication.
Superseding and Superseded Updates
Typically, an update that supersedes other updates does one or more of the following:
Enhances, improves, or adds to the fix provided by one or more previously released updates.
Improves the efficiency of its update file package, which is installed on client computers if the update is approved for installation. For example, the superseded update might contain files that are no longer relevant to the fix or to the operating systems now supported by the new update, so those files are not included in the superseding update's file package.
Updates newer versions of a product, or in other words, is no longer applicable to older versions or configurations of a product. Updates can also supersede other updates if modifications have been made to expand language support. For example, a later revision of a product update for Microsoft Office might remove support for an older operating system, but add additional support for new languages in the initial update release.
Conversely, an update that is superseded by another update does the following:
Fixes a similar vulnerability in the update that supersedes it. However, the update that supersedes it might enhance the fix or modify the applicability to client computers that the superseded update provides.
Updates earlier versions or configurations of products.
On the WSUS console, the WSUS update page clearly indicates those updates that have a superseded or superseding relationship with an earlier version. The Details tab also includes "Superseded by" and "Supersedes" status information for updates, in addition to KB links containing more information about each update.
WSUS does not automatically decline superseded updates, and it is recommended that you do not assume that superseded updates should be declined in favor of the new, superseding update. Before declining a superseded update, make sure that it is no longer needed by any of your client computers. These are three possible scenarios in which you might need to install a superseded update:
If a superseding update supports only newer versions of an operating system, and some of your client computers run earlier versions of the operating system.
If a superseding update has more restricted applicability than the update it supersedes, which would make it inappropriate for some client computers.
If an update no longer supersedes a previously released update because of new changes. It is possible that, through changes at each release, an update no longer supersedes an update it previously superseded in an earlier version.
Approving a Superseding Update
Because a superseding update typically enhances a fix provided by a previously released, superseded update, it is recommended that you first see how many client computers will be compliant with the new update, and work backward from there. Use the following process.
To approve a superseding update
Approve the superseding update for installation on all applicable computers.
Check the resulting status of the approval action on your computers. Note which computers show status as "Not needed" for the update, and then compare the properties of those computers with the properties of the update.
Use the information in the update properties to help you determine which previously released version of the updates are available. For example, in WSUS 2.0, look under "Supersedes" on the Details tab, and check the "Description" and KB article number entries if appropriate.
Get information about the superseded, previously released versions of the updates by viewing their properties.
Approve the update for installation when you find a superseded update that seems appropriate for the remaining client computers.
Repeat this process until all of your client computers are updated with the intended fix.
An expired update is an update that has been invalidated by Microsoft. An expired update can also be an update that has been superseded by the release of another update (new or revised) that fixes or enhances functionality or applicability offered by the expiring update. In this case, the superseding update should be approved in place of the expired update. An update that is expired can no longer be approved for detection or installation.