i have a few MS updates that our IT Security scanners say are needed to remediate some vulnerabilities, but wsus says we don't need them. i've already looked in products and classifications and there's nothing particular to them. been through this before with the scanners saying we need something and wsus doesn't, and i ended up having to load em manually. not fun.
my question is this - is there a way to force wsus to get an update even though it thinks it don't need it so i can have an automated/managed way of applying an update without having to do it manually? don't wanna go over whether or not we need the patch cause i have to apply them, just wondering is this possible, or another good alternate way to push out (don't have SCCM nor will we) via group policy, something :-)