I have ESXi 6.7 update 2 installed and want to apply all the latest security patches to this. In vcenter I am only seeing patches from August 2019. Is this because August 2019 is when Update 3 came out so to apply the latest security patches to my hosts I need to upgrade to Update 3 first?
Latest update is 6.7 update 3a released in november but I believe for that you vcenter should be updated first to the latest.. Always update VCSA which has vum
vCenter with 6.7 Update2 and Update Manager will actually upgrade your hosts to ESXi 6.7 Update 3 by default. It is a best practice to do vCenter first, but it's not required. It can also give dangerous looking error messages if you're using vSAN and end up on a higher update level on your hosts than your vCenter.
If you're using vSAN you can also use the html5 client to configure update manager to only install security patches for the same update level as vCenter.
sorry, maybe my post doesn't make sense. I'm not looking to upgrade to U3 - I just want to apply the latest security patches to my U2 hosts and from what I can see from update manager these stopped appearing around August 2019 when U3 was released. Does that mean I can not apply the latest security patches to my U2 servers?
If you're using vSAN you can use Update Manager to update your servers to configure what type of patching it should do. Without vSAN this setting is not available.
It's kind of strange that this option isn't available without vSAN.