Hi @balaji.bandi:  What does this statement mean "If Cisco ISE is running Release 3.3 Patch 6, additional fixes are available in Release 3.3 Patch 7, and the device must be upgraded."  What does Cisco mean when it says "upgraded" as oppose to "fresh install"?

As per i know there is no need of fresh install  you can just patch on top of the patch, patch 7 recent security fix.

That is my understanding as well, but I question why Cisco put in that statement in the first place.  Something doesn't seem right.

They are just using the term upgrading in a sense of patching. In this case upgrade means installing patch 7 as patches are always installed.

I know it's frustrating, but as @balaji.bandi also said.. it is what it is and we are all in the same boat.

They found a new security breach and released a patch to fix it - that sometimes happens multiple times shortly after another..

I totally understand customer point of view, but being security product, they may have found later security vulnerability , they release patch, this what software industry, since as a consumer we expect fast phasing new feature every when and then.

patch not much time to apply, but planning is takes time and if this is single node required small maintenance window, if the deployment is distributed  then you have better options.