When installing the deployed patches on the client machines through SCCM, the installation fails with error code 0x800b004 and with the error message "The subject is not trusted for the specific action"
This error will occur if the certificate signed with patches is missing in the client certificate store.
To resolve this issue,
The signing certificate has to be imported to the "Trusted Publishers and Trusted Root Certification Authorities" store on the client machines, to make them trust the third party updates.
"Allow signed content from intranet Microsoft update service location" option in 'Group Policy Management' must be enabled.
To deploy the signed certificate to all the client machines using GPO, you can follow this document.
In case if this problem continues, kindly Contact Support
Keywords: Third-party Patch Management, Publish Patches, Patch Failure.