Toll-free in North America

1-833-2READINESS

Everywhere else:

+44 203 633 5432

Shortcuts: Microsoft SSU’s Explained

Greg Lambert
June 15, 2022
3 minutes

Greg Lambert provides some detail on the Microsoft SSU process and how Patch Tuesday and platform component updates have evolved. microsoft logo png 2396 When Microsoft first started released updates to the Windows Installer engine – I was confused. It was early in the process, and there wasn’t as much documentation as I needed. SSU’s or Servicing Stack Updates were a bit of a mystery. We talked about Patch Tuesday and Updates all of time – but SSU’s were an update to the update process. Here is how the Microsoft documentation describes this “update to the update” process: “Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the “component-based servicing stack” (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month.” This is description is not strictly accurate – now. We are now seeing monthly updates to Windows Installer (see CVE-2022-30147). And, for the years we have had separate updates to the Windows platform (aka Patch Tuesday) and the CBS, SSU or service stack. For most releases, SSU updates are “always” rated as critical though they may not resolve critical vulnerabilities. Essentially the SSU updates the components that update your desktop and server. Unfortunately, we have many Patch Tuesday updates that require a SSU update before they can be successfully deployed. There SSU’s were a key technical and security dependency to other platform or application updates. Which caused deployment issues. I mention SSU’s now, as they may be a thing of the past, with combined or “unified” updates from Microsoft. We have seen this for the past few months (since February). In fact, Windows 11 only offers the LCU/SSU unified option for its monthly update cycle. Microsoft has published the following note on this combined update process: “Beginning with the February 2021 LCU, we will now publish all future cumulative updates and SSUs for Windows 10, version 2004 and above together as one cumulative monthly update to the normal release category in WSUS.” You can read more about this effort here. You may not want to combine both the SSU and the LCU, and so Microsoft has offered the following advice to split up the deployments of these update packages:

  • To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Packagecommand line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
  • Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

If you are interested in the difference between the LCU update and the SSU update for the past May Patch Tuesday release, you can find the file manifest for each update here:

Greg Lambert

CEO, Product Evangelist
Greg Lambert is the CEO and product evangelist for Application Readiness Inc. Greg is a co-founder of ChangeBASE and has considerable experience with application packaging technology and its deployment.

Planning business modernization projects?

  • Windows 10/11 migration
  • MS server 2022
  • Migration to Azure

Is your application estate ready?

Assurance.

Unbounded.

3 months of patch protection, assessments and dependency reports for your entire portfolio.

  • No cost
  • No limit of applications
  • No software needed
  • No infrastructure required
  • No obligation
Contact us to get started