Recently Microsoft released a critical update to IE (MS15-093 - 3087985).  As such we created an Emergency patch deployment for this patch (not knowing there was a prerequisite).  When we looked at the deployment in SCCM it showed compliant on the majority of the machines.  However, when we went to the machines we did not see the update.  We came to find out that MS15-093 had a prerequisite that was not on the machines (3078071).

This prerequisite update 3078071 is in our SCCM enviroment, downloaded and available to be deployed, but was not a part of the Emergency Patch Deployment

So my question is... 

1.  Why does SCCM show compliant when the patch was not installed?

2.  How does SCCM manage pre-rerequisites during a normal patch process? 

Our goal would be that on the night of the update deployment, the workstation checks for updates, installes required updates, reboot if needed, immediatly checks again for updates again, install updates, reboot, and <keep repeating> until all updates are installed.  However it appears that the workstation only does 1 cycle and then has to wait for the next month to pick up any updates that had prerequisites.

You insight and assistance would be greatly appreciated.

• Edited by TE2011 13 hours 37 minutes ago Spelling

If a patch requires a prerequisite then SCCM will download both updates and install them as necessary, assuming they are both set to deploy and are available to the machines and it is a custom bundle.  These are not, these are 2 individual updates.

If it shows compliant then it could mean the machine didn't need it, it was install another way.  SCCM normally will install all the updates in a Software update group at the same time and hold the reboots until all the updates are done, then do a single reboot.  Once it reboots it should scan and confirm the updates were installed.  If you have multiple groups forced at the same time, it could perform several patches/restarts as it tries to complete the process.  this is also depending on Maintenance windows and if you have it set to install and/or reboot outside or only during the MW.

the prereq is MS15-079 a Critical patch for August.  If you had downloaded this and set it to deploy at that same time as this patch then it would have install them in order with the prereq and then the 093 patch.  I don't show it as a custom bundle so they are treated at 2 different updates.  

The update is different than installing a hotfix and service pack.  The machine will not install the hotfix until after the correct SP is installed, then it becomes applicable for the machine and the hotfix will then install.  Installing the hotfix, will not force the Sp to install first.