How does MDES SDK determine the Severity of GetMissingPatches for Windows Update Agent?
Overview
The Windows Update Agent (WUA) functionality, particularly the GetMissingPatches method, in MetaDefender Endpoint Security SDK relies directly on Microsoft’s WUA API. When this method is invoked, the SDK collects the list of missing patches reported by WUA, converts the data into a standardized JSON format, and returns it in the json_out object.
This article explains how the severity field in result.patches[] is determined during this process.
How the SDK retrieves severity
Primary Source
Our SDK retrieves patch severity mainly from the Microsoft WUA API. These values are passed through without modification. The SDK does not recalculate or reinterpret them.
Severity values are based on the official Microsoft Security Response Center (MSRC) rating scale:
Value | Description |
---|---|
critical | A security issue whose exploitation could allow the propagation of an Internet worm without user action. |
important | A security issue whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources. |
moderate | Exploitation is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. |
low | A security issue whose exploitation is extremely difficult, or whose impact is minimal. |
unknown | If there is any issue, it will be classified as unknown. |
Fallback Behaviour
If our SDK cannot retrieve the official severity (e.g., the Windows Update API fails or times out), it falls back to Microsoft’s Windows Update classification model and infers severity from the patch’s category.
1. Category-Based Mapping
For any patch in these categories, our SDK sets severity to important:
- critical_update
- update_rollup
- service_pack
- definition_update
- security_update
2. Optional vs. Recommended
For patches in these categories:
- update
- feature_pack
- tool
our SDK assigns:
- important: if Windows Update marks the patch as Recommended
- unknown: if Windows Update marks the patch as Optional
Example Output
The following is an example of the simplified json_out output generated by the GetMissingPatches method:
{
  "result": {
    "method": 1013,
    "signature": 1103,
    "patches": [
      {
        "title": "Update for Microsoft Office 2016 (KB5002623) 64-Bit Edition",
        "description": "Microsoft has released an update ...",
        "category": "critical_update",
        "severity": "important"
      },
      {
        "title": "Broadcom Inc. - Display - 9.17.9.4",
        "description": "Broadcom Inc. Display driver update released in December 2024",
        "category": "driver",
        "severity": "unknown"
      }
    ]
  }
}
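The decision order described above, together with a triage pass over json_out, as an added example that is not the SDK's own code. The names resolve_severity and triage, the recommended flag, the review ordering and the treatment of a missing rating as "could not retrieve" are assumptions of this example.

```python
import json

# Fallback categories as listed in the article.
FALLBACK_IMPORTANT = {"critical_update", "update_rollup", "service_pack",
                      "definition_update", "security_update"}
FLAG_DEPENDENT = {"update", "feature_pack", "tool"}   # Recommended vs. Optional
MSRC_SCALE = ("critical", "important", "moderate", "low")

# Constructed input: the article's two sample patches plus one constructed entry.
SAMPLE = json.dumps({"result": {"method": 1013, "signature": 1103, "patches": [
    {"title": "Constructed low-rated patch", "category": "security_update",
     "severity": "low"},
    {"title": "Broadcom Inc. - Display - 9.17.9.4", "category": "driver",
     "severity": "unknown"},
    {"title": "Update for Microsoft Office 2016 (KB5002623) 64-Bit Edition",
     "category": "critical_update", "severity": "important"}]}})


def resolve_severity(msrc, category, recommended=False):
    """Hypothetical model of the documented order: official rating, then fallback.
    Assumption: a missing or unrecognised rating counts as 'could not retrieve'."""
    rating = (msrc or "").strip().lower()
    if rating in MSRC_SCALE:
        return rating                       # official value, passed through
    if category in FALLBACK_IMPORTANT:
        return "important"
    if category in FLAG_DEPENDENT:
        return "important" if recommended else "unknown"
    return "unknown"                        # e.g. "driver" in the sample output


def triage(json_out):
    """Return (title, severity, maybe_inferred) in review order.
    Policy of this example: 'unknown' sorts above moderate/low because it means
    'not rated', and 'important' on a fallback category is flagged as possibly
    inferred from the category rather than rated by MSRC."""
    rank = {"critical": 0, "important": 1, "unknown": 2, "moderate": 3, "low": 4}
    rows = []
    for p in json.loads(json_out)["result"]["patches"]:
        sev, cat = p.get("severity", "unknown"), p.get("category", "")
        inferred = sev == "important" and cat in FALLBACK_IMPORTANT | FLAG_DEPENDENT
        rows.append((rank.get(sev, 2), p["title"], sev, inferred))
    return [(title, sev, inferred) for _, title, sev, inferred in sorted(rows)]


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Because json_out does not say which path produced a severity, the maybe_inferred flag only marks entries that are consistent with the category fallback.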
References
- IUpdate::get_MsrcSeverity (wuapi.h) - Win32 apps | Microsoft Learn
- Windows Update categories | Microsoft Learn
If further assistance is required, please log a support case or chat with our support engineer.