Last week I have received a Microsoft Security Bulletin Alert for a Critical Patch

MS15-034 Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)

Being a serious issue i had to skip the normal routine (and best practice in any environment) of Patching the Pilot Servers first and then the Main Groups.

So i decided to lend a helping hand in a small tutorial if you want to make a quick package and deploy it with such cases.

First thing to do is to look for the KB number of the Bulletin.

In our case for Microsoft Security Bulletin MS15-034 the KB is 3042553


Go to Software Library -> All Software Updates -> Search for 3042553

Software Updates SCCM

Checking a SU Download Status

Be sure to check if the KB package is downloaded or not.

Select and desired Packages for your specific OS that you want to target, and then Create a Software Update Group

I already have a Group for this, i call it OOB Required (Out of base updates that are required)

Go to Software Update Groups -> Right Click on your newly Created Group -> Deploy

Deploy KB Package

Deploy KB Package

Follow the standard Wizard Guide and be careful on the Scheduling and User Experience if you do not want Servers to reboot in daytime.

This KB3042553 will require a reboot.

As a extra precaution, i always use a Maintenance Window Set on all my collection so that no update can reboot my Server during work hours.

Maintenance Window on a Collection

Maintenance Window on a Collection

For example in this case i used a 1 time Maintenance Window without a recurring event, just for this KB package alone.

Set Maintenance Window on a Collection

Set Maintenance Window on a Collection


And that is it.

Remember to always patch Critical Patches like these to have a healthy environment.


P.S. Also try to look on all Microsoft Forums before applying patches without testing in your environment, since there have been loads of cases where even a simple SCEP definition update caused major problems.

Follow on Feedly