Microsoft Rollup Patch Status

Tracking Rollups applied to host instead of individual updates provides faster verification of host patching for security and stability. Monitoring the application of Microsoft Rollups can be extremely difficult if an organization is not continuously scanning the environment with credentialed scans. Microsoft Rollups are critical as they encompass important security and system updates. Rollups enable you to bring your systems up to date with fewer updates, and will minimize administrative overhead to install a large number of updates. Analysts should track the installation and application of Microsoft Rollups to hosts for a clear picture of how effective the patch management process is being completed and, most importantly, if hosts are being secured with the most recent rollup patches.

A Rollup is defined by Microsoft as “a tested, cumulative set of updates. They include both security and reliability updates that are packaged together and distributed over Windows Update, WSUS, System Center Configuration Manager and Microsoft Update Catalog for easy deployment. The Monthly Rollup is product specific, addresses both new security issues and non-security issues in a single update and will proactively include updates that were released in the past.”

Leveraging the ability of Tenable's Tenable Security Center to use regular expressions, this dashboard provides an analysis of the last installed Microsoft Rollups by month and year. A matrix showing a twelve-month breakdown is displayed on the dashboard for each year from 2016 through 2026. As Microsoft Rollups are detected on hosts, indicators are highlighted for the specific months and years. Information provided in this dashboard gives analysts a clear picture of how effective the patch management process is working and the most current rollup patch installed.

Components

Microsoft Rollups 2016 - 2026: This dashboard as series of matrices that present a yearly analysis by month of fore years 2016 - 2026 Microsoft Rollups applied to hosts. As hosts are discovered having the specific Rollup applied, the box is highlighted in purple. Clicking on a highlighted indicator brings up the analysis screen, allowing further investigation of the hosts.

Subnets Missing Rollup Patch before Nov 2025: This table identifies assets that have been found to be missing Microsoft Rollups applied starting in Nov 2025. The filter uses a negative lookup to identify assets with 93962 and missing the Latest effective update level starting with 11_2025. These assets have not had resent rollup patches and require immediate attention. To view the details, click on View Data, then click on Go to Vulnerability Detail, and the plugin output will show information about the installed rollup patches.