Security Patches should not be superseded by non security patches
In our environment, we use Kace to deliver Microsoft security patches to our Windows Servers. We also use the setting to inactivate superseded patches to reduce patch installation redundancy.
I found the July Windows Server 2016 cummulative update, KB4025339, was superseded a week later by KB4025334, which is a non-security update. This completely messes up my patching workflow.
My current options, as I see it, are to either included non-security updates in my patching catalog and figure out which ones I am going to allow, or to allow superseded patches to remain active.
Based on this, in my opinion, a security update should not be able to be superseded unless it is superseded by another security update.
I attempted working with support, but they said they are dependent on how Microsoft classifies updates. I think this will become more visible as Server 2016 gets more adoption.