Patch Missing from SCCM How to Import into WSUS Manually

Whenever you have a Zero Day patch and you don’t have the patches in WSUS? What are the options you have as an SCCM admin to patch your Windows 10 devices? How to Fix the issue of the latest Zero-Day patch missing from SCCM. How to import them into WSUS console manually?

**Updated 31 March 2020

This Guide is applicable for the Following KB articles related FIX Internet Connectivity Issue With Windows 10 | VPN | Proxy.

• Windows 10, version 1909 (KB4554364)
• Windows 10, version 1903 (KB4554364)
• Windows 10, version 1809 (KB4554354)
• Windows 10, version 1803 (KB4554349)
• Windows 10, version 1709 (KB4554342)

• KB4522014 for win10 1803
• KB4522015 for win10 1809

Introduction

In General, most of the time Microsoft will release the update with WSUS metadata catalog information. Sometime, MS will release individual updates that are not part of the WSUS catalog. In this scenario, we need to import the updates into the WSUS console using Windows Catalog Agent.

NOTE! – When you see following in a KB article – Most probably you won’t see all these in SCCM WSUS or SUP configured system.

Release Channel	Available	Next Step
Windows Update or Microsoft Update	No	See the other options below.
Microsoft Update Catalog	Yes	To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS)	No	You can import this update into WSUS manually. See the Microsoft Update Catalog for instructions.

NOTE! – Microsoft will be publishing these patches to WSUS soon. Probably by end of the day today!

Prerequisites

1. WSUS Server to have internet access to import the metadata from Microsoft to WSUS Console
2. The Internet Explorer need add-on ‘Microsoft Update Catalog’ to find the updates from MS site or it will be prompted when trying to open the Microsoft update catalog web site URL – http://catalog.update.microsoft.com

Overall Process – Fix Zero Day Patch Missing from SCCM

Technical Steps to Import the MS update (hotfixes) metadata in WSUS

Login into Upstream (First) SUP WSUS server

Open the Windows Server Update Services with ‘Run as administrative‘  from Administrative tools

Click ‘Yes’ in the User Access Control window

In Left-hand panel select Updates and click Import Updates…in the right-hand panel

• 

Input the KB article number and click the Search icon

• 

Identify the required patch as per the environment and click Add

• 

The metadata is added in the View Basket with update count

• 

Input the another KB article number and click Search

• 

Select the required KB article and Click Add

• 

Click View Basket, the total update count is visible

• 

Ensure all the required updates are selected and click Import icon

• 

The select updates metadata information is being imported in WSUS console

• 

The update metadata updates are imported into WSUS Console

• 

How to check the Updates are Available in WSUS console

Open the WSUS Console, Expand the Updates tab

Select All Updates and click the Search icon in the right hand panel

• 

Enter the KB article ID which is recently imported, click Find Now

• 

Updates are available in WSUS console

• 

How to Sync from WSUS to SCCM database

• Open the SCCM Console,
• Select the Software Library,
• Expand Software Updates,
• Select ‘All Software Updates‘ and right-click and select ‘Synchronization Software updates‘

• 

• Open the WSUSSYnc.log from Site server, you can find the imported update information.

• 

Resources

• KB4522014 for win10 1803
• KB4522015 for win10 1809
• SCCM Patching Software Update Process Guide