Update to Windows Update, WSUS Coming This Week

Hello,

As part of the phased mitigation strategy we outlined on the MSRC blog, an update was released with Security Advisory 2718704 that prevents unauthorized certificates from being used to attack Windows systems.  In an effort to provide additional protection for customers, the next action in our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution. Now that we have seen broad adoption of Security Advisory 2718704, our deployment of the security hardening update to Windows Update and Windows Server Update Services (WSUS) infrastructures will begin to roll out over the next few days.

Our hardening introduces two defense-in-depth changes.  First, we have further hardened the Windows Update infrastructure so that the Windows Update client will only trust files signed by a new certificate that is used solely to protect updates to the Windows Update client. Second, we are strengthening the communication channel used by Windows Update in a similar way.  WSUS customers will also receive an update; more details will be found on the Knowledge Base when the update becomes available.

As with past updates, this update will not change your current Windows Update or Automatic Updates settings. Anytime Windows Update (or Automatic Updates) is turned on, either set to automatically install updates or notify to install updates, Windows Update will take care of updating itself.

It’s important to keep your PC up to date with the latest updates to keep your PC running smoothly and safely.

WU/WSUS Team

Comments

  • Anonymous
    January 01, 2003
    We've also deployed KB2607070 so would like to know that answer too. Also, will the security certificate changes affect certificates issued and used internally for local publishing to WSUS (via System Center Essentials or System Center Update Publisher), or will those certificates continue to be trusted as per Group Policy settings?

  • Anonymous
    January 01, 2003
    Nice to see..

  • Anonymous
    June 06, 2012
    Something I've never had a good handle on is how Microsoft supercedes hotfixes. We have deployed KB2607070 which is a newer Windows Update Agent that allows self-published content larger than several hundred MB to install successfully. Will the new Update Agent that is released this week include most intermediate hotfixes such as that, or will I have to wait for that KB article to be updated with a newer build?

  • Anonymous
    June 12, 2012
    Wsus Server Crashed . Error ( mmc has detected an error in a snap-in and will unload it )

  • Anonymous
    July 08, 2012
    thank you nice web site http://www.kodes.com Hiphop, Rap, Ceza, sagopa, Kolera http://www.gekkog.com Hiphop, Rap, Gekko G http://www.maskanimasyon.com Animasyon

  • Anonymous
    March 19, 2013
    blogs.technet.com/.../new-product-family-for-microsoft-bitlocker-administration-and-monitoring.aspx

  • Anonymous
    March 19, 2013
    Thanks you very nice good  comment's room www.cinselsohbetchat.org

  • Anonymous
    October 10, 2015
    Thank you for sharing this fine article. Keep up the good works.
    dizi fragmanlari http://www.trbolumfragman.com