Installing an older CU over a Security Patch?

According to this Microsoft link, SQL Server 12.0.6372.1 requires any system with at least SQL 2014 SP3, so my predecessor installed it over SP3. Now the version is “2014 (SP3-CU-GDR) (KB4535288) – 12.0.6372.1”.

Since that security patch only fixes a specific problem with Reporting Services, and is smaller than the CU4 package, ISTM that I should also install the CU4 patch.

But how? Do I first uninstall KB4535288, then install KB4500181 (CU4) and then reinstall KB4535288, or can I just slap KB4500181 on top of KB4535288 (which seems like it would overwrite the KB4535288 files.

Go to Source
Author: RonJohn