PDQ Package Library and .NET Cumulative Updates

Purpose

You are looking for a WSUS/Microsoft Update replacement integrated with PDQ Products to update .NET 4.8 and .NET 4.8.1 Frameworks from Microsoft to ensure that you have the latest applicable security patches.

Overview

Although we currently offer Microsoft Cumulative Updates in our Package Library, we frequently have customers asking about .NET Cumulative updates for 4.8 and 4.8.1 .NET Frameworks. Many customers have said that the combination of the main cumulative updates along with .NET cumulative updates, will eliminate the need for maintaining a WSUS server. Committed to our customers, we have added the .NET 4.8 and 4.8.1 Frameworks to the Package Library.

Prerequisites

It’s advised to make sure you are installing the main cumulative updates in the Package Library first as these contain the latest servicing stack updates that may be required for the .NET patch you are deploying. Alternatively, you may want to consider checking out our PSWindowsUpdates PowerShell module in the Package Library that will take care of all applicable patches for your machines and help eliminate the confusion of which patches you need to apply.

Understanding What Package To Deploy

It’s important to understand that the main Cumulative Updates for windows contain quality and security fixes for the entire operating system and are different than .NET Framework Cumulative updates which apply quality and security fixes specifically for .NET frameworks. A good security strategy should be deploying BOTH of these patches.

It’s also important to understand that the target machine you wish to update may or may not have .NET 4.8 or .NET 4.8.1 installed, depending on if it’s pre-installed with the operating system or must be installed separately. If you see a message that the update does not apply when deploying, this can mean that that version of .NET is not currently installed. We do have the base installers for .NET 4.8 and 4.8.1 available in the Package Library:

  • Microsoft .NET Framework 4.8
  • Microsoft .NET Framework 4.8.1

You may also run into confusion with a vulnerability tool identifying that a particular KB number is needed which is different than the KB number shown in the .NET patch. This is because it is a KB that combines other KBs. For example, if you look up KB5032339 in the Microsoft Catalog it actually is a combination of two KB patches for .NET 4.8 (KB5031988) and .NET 4.8.1 (KB5032005) For this reason we spilt out the patches into these 2 separate packages.

*Special Note: For Server 2019, .NET 4.7.2 comes natively installed with the operating system. We recommend installing the main .NET 4.8 Framework from the Package Library and then managing/patching .NET 4.8 cumulative updates going forward. According to this Microsoft article: "The Microsoft .NET Framework 4.8 is a highly compatible, in-place update to the Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2. This version of the .NET Framework ... performs an in-place update for the .NET Framework 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2."

Example

Let’s say I want to patch Windows 10 (22H2) 64bit operating system.

  1. It’s a good idea to deploy the latest main cumulative update to ensure you’re running the latest servicing stack. In this case, you’ll want to download and deploy:
    • Windows 10 (21H2/22H2) - Cumulative Update (64-bit)
  2. Determine if you need to patch 4.8 and/or 4.8.1
  3. If you need to install 4.8 or 4.8.1 these base packages are available for download:
    • Microsoft .NET Framework 4.8
    • Microsoft .NET Framework 4.8.1
  4. Now download the appropriate .NET cumulative package for either 4.8 and/or 4.8.1. In this case we’re interested in these OS-specific packages:
    • Windows 10 (21H2/22H2) - .NET Framework 4.8 Cumulative Update (64-bit)
    • Windows 10 (21H2/22H2) - .NET Framework 4.8. Cumulative Update (64-bit)
  5. Deploy the packages and update .NET Framework
  6. Long term, you can automate these by setting up schedules in Deploy to target the old or missing collections in the Collection Library. In this case, we’re interested in targeting:
    • Windows 10 (21H2/22H2) - Microsoft .NET 4.8 Cumulative Update - (Old or Not Installed)
    • Windows 10 (21H2/22H2) - Microsoft .NET 4.8.1 Cumulative Update - (Old or Not Installed)
Still have a question or want to share what you have learned? Visit our Community Discord to get help and collaborate with others.