Patch your Windows 10 media (used with In-Place Upgrades in ConfigMgr) with a new Setup Dynamic Update Package


Patch Tuesday for October 2020 brought the usual updates, but also blessed us with a security update, that addresses a vulnerability found in the setup of Windows 10.

The article tells us to download the latest refreshed media from VLSC or MSDN, or download the latest applicable Setup Dynamic Update (DU) package and patch the media ourselves.

Now, as of writing, the official downloads has not been refreshed yet, so I wanted to get rid of the vulnerability and patch my existing media manually. The process I went through, made this post.

Update 28 October: Official and affected Windows 10 downloads are still not refreshed.

Download Setup DU packages

There are multiple downloads available, depending on what version of Windows 10 you are looking to patch.

Head into the Microsoft Update Catalog and search for and download the relevant update (KB-number).

In my scenario, I was looking to patch my Windows 10 version 2004 media, as I’m about to begin a broad In-Place Upgrade process.

The result of the download will be a .cab file similar to below illustration:

Applying the Setup DU package

To apply the Setup Dynamic Update Package to your existing Windows 10 media, you start off by referencing the downloaded .cab file in a variable in a PowerShell console like shown below.

$SETUP_DU_PATH = "C:\Users\adminmab\Desktop\DU-Package\"

Next, you expand the content of the .cab file into the \sources folder of the Windows 10 media (This is the downloaded .ISO extracted, which is used as an Upgrade Package in ConfigMgr).

cmd.exe /c $env:SystemRoot\System32\expand.exe $SETUP_DU_PATH -F:* "D:\Pkgsource\OSPackages\SW_DVD9_Win_Pro_10_2004.4_64BIT_English_Pro_Ent_EDU_N_MLF_-2_X22-36939\sources"

And once the process is complete, you will see a completion notice similar to below:


Distribute the changes to your distribution points, or if you did like me, and redownloaded the latest .ISO (which was updated in September), go ahead and add that as a new Operating System Upgrade Package in the Configuration Manager console.

More info

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.