Patch Missing from SCCM How to Import into WSUS Manually

Whenever you have a Zero Day patch and you don’t have the patches in WSUS? What are the options you have as an SCCM admin to patch your Windows 10 devices? How to Fix the issue of the latest Zero-Day patch missing from SCCM. How to import them into WSUS console manually?

**Updated 31 March 2020

This Guide is applicable for the Following KB articles related FIX Internet Connectivity Issue With Windows 10 | VPN | Proxy.

• Windows 10, version 1909 (KB4554364)
• Windows 10, version 1903 (KB4554364)
• Windows 10, version 1809 (KB4554354)
• Windows 10, version 1803 (KB4554349)
• Windows 10, version 1709 (KB4554342)

• KB4522014 for win10 1803
• KB4522015 for win10 1809

Introduction

In General, most of the time Microsoft will release the update with WSUS metadata catalog information. Sometime, MS will release individual updates that are not part of the WSUS catalog. In this scenario, we need to import the updates into the WSUS console using Windows Catalog Agent.

NOTE! – When you see following in a KB article – Most probably you won’t see all these in SCCM WSUS or SUP configured system.

NOTE! – Microsoft will be publishing these patches to WSUS soon. Probably by end of the day today!

Prerequisites

1. WSUS Server to have internet access to import the metadata from Microsoft to WSUS Console
2. The Internet Explorer need add-on ‘Microsoft Update Catalog’ to find the updates from MS site or it will be prompted when trying to open the Microsoft update catalog web site URL – http://catalog.update.microsoft.com

Overall Process – Fix Zero Day Patch Missing from SCCM

Technical Steps to Import the MS update (hotfixes) metadata in WSUS

Login into Upstream (First) SUP WSUS server

Open the Windows Server Update Services with ‘Run as administrative‘  from Administrative tools

Click ‘Yes’ in the User Access Control window

In Left-hand panel select Updates and click Import Updates…in the right-hand panel

Input the KB article number and click the Search icon

Identify the required patch as per the environment and click Add

The metadata is added in the View Basket with update count

Input the another KB article number and click Search

Select the required KB article and Click Add

Click View Basket, the total update count is visible

Ensure all the required updates are selected and click Import icon

The select updates metadata information is being imported in WSUS console

The update metadata updates are imported into WSUS Console

How to check the Updates are Available in WSUS console

Open the WSUS Console, Expand the Updates tab

Select All Updates and click the Search icon in the right hand panel

Enter the KB article ID which is recently imported, click Find Now

Updates are available in WSUS console

How to Sync from WSUS to SCCM database

• Open the SCCM Console,
• Select the Software Library,
• Expand Software Updates,
• Select ‘All Software Updates‘ and right-click and select ‘Synchronization Software updates‘

• Open the WSUSSYnc.log from Site server, you can find the imported update information.

Resources

• KB4522014 for win10 1803
• KB4522015 for win10 1809
• SCCM Patching Software Update Process Guide