Microsoft patch classifications

When you create a rule, select a classification for Microsoft patches. Third-party and application patches do not use these classifications.

When approving classifications, consider your customers’ requirements. For example, if a customer must stay on a specific version of Internet Explorer, do not select Updates, Update Rollups, or Feature Packs, because Internet Explorer might be included in those packages.

During the patch detection scan, we can find patches from all Microsoft channels:

Band B: includes new and released security fixes
Band C: optional, cumulative, non-security preview releases
Out-of-band: fixes for recently-identified issues or vulnerabilities

Read more about Windows quality updates primer.

The classifications are identified as:

Applications	Used for miscellaneous apps that are detected when a WSUS server is in the network and impacting WUA detections. These applications are unsupported.
Critical Updates	A fix for a specific problem addressing a critical, but non-security-related bug.
Definition updates	Software update containing additions to a product’s definition database.
Drivers	Software controlling the input and output of a device.
Feature packs	New functionality distributed outside the context of a product release, which is usually included in the next full release.
Security updates	A fix for a product-specific, security-related vulnerability.
Service packs	A cumulative set of hotfixes, security updates, critical updates, updates, and additional fixes. Service packs may also contain customer-requested design changes or features.
Tools	A utility or feature for completing a task or set of tasks.
Updates	A fix for a specific noncritical, non-security-related problem.
Update rollups	A cumulative set of hotfixes, security updates, critical updates, and updates packaged together for easy deployment, generally targeting a specific area.
Upgrades	An upgrade for Windows 10 features and functionality.