You are filtering the "Windows Compliance by Update" report using the "Security Update" category, and one of the Microsoft files/patches appears in this category.

Note: This example will use MEDGE-250216 (MicrosoftEdgeEnterprise_133.0.3065.69_x64.msi) Microsoft Edge Stable Channel (Version 133.0.3065.69) as seen here:



When checking on the Microsoft side (Microsoft Catalog), the same file/patch is categorized as just an "Update" under the "classification" column.

You want to know why there is a difference in the Microsoft Edge update categorization between Microsoft and Patch Management:

ITMS 8.7.x

Microsoft categorizes all of these as "Updates" in their Microsoft Update Catalog - for example, Microsoft Edge 133.0.3065.69: Microsoft Edge-Stable Channel Version 133 Update for x64 based Editions (Build 133.0.3065.69)

Reason:
The content team reviews vendors’ patches like Microsoft and provides additional classification types as needed. In this scenario with the EDGE patch Microsoft Edge 133.0.3065.69 in this example, it's listed in Release Notes for Microsoft Edge as a Security Update and has a CVE-ID reference. It is not just an “Update” classification but a “Security Update”:

In general, the Patch Vendor classification is used unless further review of the Release Notes and sub-components has a more elevated classification.

Note: