Service Packs vs windows updates and patches

JosephEstrada
JosephEstrada used Ask the Experts™
on
We are undergoing a Security Audit of our internal computer systems by an external 3rd party auditor.
We just rolled out new Windows 10 PCs to 75% of our staff and everything is working great.
We use Ivanti for patch management and all PCs are fully patched with all Windows updates and application security patches.
My question is:
What benefit , security wise, is there in ensuring that Service Packs are all completely up to date?
i.e. Does Windows 10 Service Pack 1909 contain more security patches or benefits if all individual Windows updates and security patches are already up to date?
I'd rather not install the Service Pack since all is working fine.

Thanks!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
Not sure where you got the idea that that's a service pack.  Services packs don't exist anymore.

1909 is a version of Windows 10.  Microsoft is rolling out new versions of Windows roughly every 6 months.  

In some ways, it's better to think of Windows and Windows 10 as synonymous and that the release date code is really a version - so it would be:

Windows 2000
Windows XP
Windows Vista
Windows 7
Windows 8
Windows 8.1
Windows 1507
Windows 1511
Windows 1607
Windows 1703
Windows 1709
Windows 1803
Windows 1809
Windows 1903
Windows 1909

What you should stay on depends on your release channel.

What channel are you using?  LTSC or the Semi-Annual Channel?  The semi-annual channel is supported for 18 months.  The LTSC channel is supported for 10 years.  See:
https://docs.microsoft.com/en-us/windows/release-information/
Distinguished Expert 2018

Commented:
Just to add to what Lee said, whether 1909 adds security depends on the build you are in.  It is definitely more secure than, say, 1607 which no longer gets security updates at all. So being up to date on 1607 is still out of date overall.

But it doesn't have much in the way of security over an up-to-date build of 1903.

And to stress they aren't service packs. They are full fledged sub-versions.

Author

Commented:
Thanks Folks!
Very helpful.
Ivanti Patch for Servers recommends installing the Windows 1909 version and further describes it as a Security Patch.
Misleading.
Cheers!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial