Patch dependencies and supersedence

Patch metadata identifies all known dependency and supersedence relationships between patches and Windows products, and between patches and other patches.

In HPE Server Automation:

  • Dependency relationships identify Windows products that must already exist on a server before you can install a certain patch.
  • Supersedence relationships identify patches that supersede or are superseded by other patches. In Windows Patch Management, supersedes means that one patch replaces another and superseded by means that the patch you are installing is replaced by another patch.

In HPE Server Automation, Windows patch management does not detect whether two patches are mutually exclusive—which is when either one can be installed but not both. Subsequently, Patch Management does not prevent you from installing both patches on a server. This means that you may be able to install both a superseded patch and a superseding patch on a server.

Supersedence relationships in WSUS patching mode

SA may not always mirror exactly the WSUS hierarchy of patch supersedence. This is because, by default, SA only imports approved patches. If your WSUS administrator declines a patch involved in a supersedence relationship, this patch does not show up in SA. Consequently, supersedence details related to non-imported patches are ignored.

Skipping superseded patches

The following patchman parameters allow SA to be configured to skip the import of superseded patches.

  • patchman.ms_mbsa20_skip_import_superseded: Skip import of superseded patches
  • patchman.ms_mbsa20_skip_import_superseded_overrides: To be used if you need specific patches imported even if they are superseded by other patches