Microsoft patch classifications

When creating a rule, you select a classification for the Microsoft patches.

Third party and application patches do not use these categories.

When selecting classifications to approve be aware of the patching requirements of your customers. For example if a customer must remain on a specific version of Internet Explorer, do not select Updates, Update Rollups, or Feature Packs as IE could be part of any of those packages.

During the patch detection scan, we can find patches from all Microsoft channels:

  • Band B: includes new and released security fixes

  • Band C: optional, cumulative, non-security preview releases

  • Out-of-band: fixes for recently-identified issues or vulnerabilities

Read more about Windows quality updates primer.

The classifications are identified as:

Critical Updates A fix for a specific problem addressing a critical, but non-security-related bug.
Definition updates Software update containing additions to a product’s definition database.
Drivers Software controlling the input and output of a device.
Feature packs New functionality distributed outside the context of a product release, which is usually included in the next full release.
Security updates A fix for a product-specific, security-related vulnerability.
Service packs A cumulative set of hotfixes, security updates, critical updates, updates, and additional fixes. Service packs may also contain customer-requested design changes or features.
Tools A utility or feature for completing a task or set of tasks.
Updates A fix for a specific noncritical, non-security-related problem.
Update rollups A cumulative set of hotfixes, security updates, critical updates, and updates packaged together for easy deployment, generally targeting a specific area.
Upgrades An upgrade for Windows 10 features and functionality.