Update to Windows Update, WSUS Coming This Week
Hello,
As part of the phased mitigation strategy we outlined on the MSRC blog, an update was released with Security Advisory 2718704 that prevents unauthorized certificates from being used to attack Windows systems. In an effort to provide additional protection for customers, the next action in our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution. Now that we have seen broad adoption of Security Advisory 2718704, our deployment of the security hardening update to Windows Update and Windows Server Update Services (WSUS) infrastructures will begin to roll out over the next few days.
Our hardening introduces two defense-in-depth changes. First, we have further hardened the Windows Update infrastructure so that the Windows Update client will only trust files signed by a new certificate that is used solely to protect updates to the Windows Update client. Second, we are strengthening the communication channel used by Windows Update in a similar way. Details on the changes to the Windows Update client can be found at KB 949104. WSUS customers will also receive an update; more details can be found at KB 2720211.
As with past updates, this update will not change your current Windows Update or Automatic Updates settings. Anytime Windows Update (or Automatic Updates) is turned on, either set to automatically install updates or notify to install updates, Windows Update will take care of updating itself.
It’s important to keep your PC up to date with the latest updates to keep your PC running smoothly and safely.
WU/WSUS Team
Comments
Anonymous
January 01, 2003
Its great that you are taking the security and the hardening of the certs but when will you release a version of the agent with better error logging and reporitng. Currently so many error codes are not documented or the offical MS documenation is so bad that you need google and a whole lotta luck to actually fix a broken instance of Windows Update.Anonymous
January 01, 2003
thanksAnonymous
June 08, 2012
How will this affect existing customers using WSUS 2 and not willing to update to WSUS 3 for whatever reason? Can we just install the new certificate in the trusted roots folder?Anonymous
June 16, 2012
When the new Windows update downloaded it would not allow me to enter Explore. I had to do a system restore and go back before the update to access Explore or any internet access. What should I do?Anonymous
June 17, 2012
Although I have seen this update arrive on a Windows 7 64-bit machine, I have not seen this update arrive on any 32-bit Windows machine at my disposal. Is this update intended to apply to 32-bit systems?Anonymous
June 20, 2012
Why is this update classified as Critical Update and not as Security Update even though it is clearly security-relevant? Many organizations deploy Security Updates but not Critical Updates on a regular schedule and I guess the classification as Critical Update will cause a lot of organizations to miss this update.Anonymous
June 27, 2012
What action versions can update files in the incomplete state of the work this problem?Anonymous
June 29, 2012
The comment has been removedAnonymous
January 24, 2013
windows xp was really one of the best operation systemsAnonymous
December 27, 2013
Hello, As we mentioned previously , Microsoft is releasing an update to further harden the Windows ServerAnonymous
January 18, 2014
ECOUAnonymous
March 27, 2014
puedo instalar solo en Domain Controler la aplicacion WSUS?
rmiranda@fgrchile.cl
GraciasAnonymous
March 23, 2016
thats so nice windowAnonymous
April 14, 2017
update windows 10 from more than one placeis there is a way to make WSUS works on windows 10 Computer , i have peer to peer network (Work group LAN) and i do not have windows server and updates does not shared on LAN (All LAN Pcs has Identical windows 10 6 4bit 1607 version) with the same work group same IP configuration all has same nextwork configuration.each single pc download windows 10 update from windows update server....... this is my issueThanks