When you use WSUS, Microsoft Update, or Microsoft System Center Configuration Manager Software Updates to apply updates to Microsoft SQL Server, you notice that some of the listed cumulative updates (CU) don't apply to your SQL Server installation.
SQL Server updates are published to the Microsoft Update service. Distribution channels such as the Windows built-in automatic update service and System Configuration Manager Software Updates Management can scan Microsoft Update for SQL Server updates.
Each SQL Server update that is listed in Microsoft Update has a list of applicability rules that are evaluated in order to determine whether an update is applicable.
For a CU to be displayed as applicable to a SQL Server installation, at least one CU has to be installed on that updates baseline.
Note "Baseline" in this context refers to an RTM or Service Pack release.
For example, consider a scenario in which the latest CU for SQL Server 2014 Service Pack 2 (SP2) is Cumulative Update 6 (CU6). Currently, the latest update that is installed on the system is SQL Server 2014 SP2. You run a Microsoft Update scan of the system, and you notice that no CUs are listed as applicable. You manually download and install SQL Server 2014 SP2 Cumulative Update 1. You run the Microsoft Update scan again, and now you notice that SQL Server 2014 SP2 Cumulative Update 6 is listed as applicable.
To fix this issue, manually download and install any SQL Server Cumulative Update that applies to the baseline build. After this is performed, the latest cumulative update that is released to Microsoft Update will be listed as applicable.
Microsoft has confirmed that this is a limitation of Microsoft Update.
This behavior is by design. The system administrator can install a CU to determine the servicing branch that SQL Server should follow.
For more information about the SQL Server service models, see the following Knowledge Base article:
935897 An Incremental Servicing Model is available from the SQL Server team to deliver hotfixes for reported problems.
Each servicing baseline (RTM or a service pack) includes two servicing branches:
A General Distribution Release (GDR) branch that contains only Security and other Critical fixes.
A CU branch that contains Security and other Critical fixes plus all other fixes for the baseline.
Currently, the Microsoft Update (MU) detection logic is constructed so that instances on a servicing baseline or along the GDR branch are offered the GDR branch.
Users have to proactively install at least one CU to align the instance to the CU branch. However, after this is done, you cannot return to the GDR branch until the instance baseline is either reset by moving up to the next Service Pack or all CUs for the baseline are manually uninstalled. If all CUs are uninstalled, this moves the instance back to the GDR branch or servicing baseline.
This logic helps to minimize the default number of changes that are required in the event of a Security or other Critical update. Instances that are on the CU branch must necessarily accept all updates in the event that a required Security or other Critical release is provided for the baseline. This includes all cumulative nonsecurity changes for the baseline up to the point of the required Security update.