Microsoft Update rollups



  • Alan McLeod

    One of the few things that keeps my WSUS server around is this. If the MSRT//.Net update rollups were included I would ditch WSUS and manage server patches with PDQ.

    Comment actions Permalink
  • Aphreal A.

    Yes please!

    Comment actions Permalink
  • Alan McLeod

    I ended up writing some documentation and we now use PDQ as our primary Windows Update deployment system. It would be very helpful if the PDQ team could implement the other CU's that come out for each OS.

    Here are my notes for adding the other CU's to the imported PDQ Windows Update packages.


    Import the monthly  CU packages from PDQ package listing for 2012, 2012R2, 2016 - 3 packages to import. The rest of the steps are needed since PDQ does not have MSRT/.NET/IE Cumulative updates.

    Download the CU updates below and copy them over to the corresponding monthly folder

    Download the Monthly .NET Security roll up for 2012 + 2012R2 - separate DL for 2012 and 2012R2
        - search '2018-02 Security and Quality Rollup for .NET Framework'

    Download the MSRT tool - one DL for all Operating systems  2012, 2012R2, 2016
        - search 'Microsoft Software Removal Tool'
        - /q is needed as a silent parameter

    Download the IE roll up for 2012 + 2012R2
        - search 'Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2'
        - search 'Cumulative Security Update for Internet Explorer 10 for Windows Server 2012'

    Edit the imported packages with the additional steps
        Ensure each of the additional installs are set to error mode continue
        /q is needed for MSRT step
        Add a reboot as the last step for each deployment package 


    Regular text is what’s imported by PDQ. Bold text are the CU’s that you’re adding to the imported packages

    2016     OS, MSRT
    2012R2 OS, .NET packages, MSRT, IE11
    2012     OS, .NET packages, MSRT, IE10


    • OS – Cumulative OS Patches
    • MSRT – Microsoft Malicious Software Removal Tool
    • Net – Cumulative .Net patches. These are built into 2016 OS patches which is why these are only available for 2012/2012R2.
    • IE10/11 – Cumulative IE patches. These are built into 2016 OS patches which is why these are only available for 2012/2012R2.
    Comment actions Permalink
  • Shawn Doné

    Pete, This is exactly where I am at now, I have the Monthly rollups that PDQ creates dialed in and push out to my servers. I even have the .NET pushing out and it was pretty easy but this pesky MS Malicious Software Removal Tool is racking my brain.

    I go to the MS Update Catalog, as you mention, and download the latest Removal Toolkit for the month. It shows me 2 choices for Server 2012R2 when I click the download button and they both come in only a .exe flavor. 2 download choices

    I have tried creating a package for both, since it's not clear on which to use, and alter to be custom and add the /q for quiet on the end. Also alter the OPTIONS tab and change "error mode" to "Continue". Save it and deploy to the server but getting an error. Here is my package and the error. Any thoughts that might make this work or something I might be missing? Thank you very much. Shawn

    enter image description here

    enter image description here

    Comment actions Permalink

Please sign in to leave a comment.