• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Windows Updates and WSUS hardening to prevent abuse

Windows Updates and WSUS hardening to prevent abuse

2012-06-11 by Jason

Tomorrow will be June’s Patch Tuesday for Microsoft. Seven security bulletins were posted to address a number of remote code execution critical vulnerabilities and important elevation of privilege vulnerabilities. Even with Patch Tuesday coming tomorrow, Microsoft has already been busy this month releasing two updates to harden Windows Updates and WSUS in response to the Flame malware.

You can find out more about the Updates coming tomorrow that address vulnerabilities in Windows, Internet Explorer, the .NET framework, Office, and other Microsoft applications from this month’s Security Bulletin.

Meanwhile, Microsoft technologies were manipulated to spread the Flame malware. As a result, Microsoft has been busy patching the affected services to correct their flaws.

From the WSUS Product Team Blog, Microsoft has updated Windows Updates for all clients and WSUS 3.0 SP2 for WSUS servers.

Clients should automatically receive update 2718704 for their Windows Updates services unless they have updates set to manual checking. If that is the case, Windows Updates can be manually checked to get the necessary updates.

Please follow the following steps to ensure a smooth deployment:

  1. Apply Security Advisory Update 2718704, issued on June 3, which moved unauthorized digital certificates derived from a Microsoft Certificate Authority to the Untrusted Store.
  2. Apply the WSUS update, issued on June 08, see KB 2720211.

The Microsoft Security Response Center blog has more details on how the attack worked and took advantage of the services. The important information is to get Update 2718704 installed on all clients and update WSUS if you use it in your environment. The updates prevent a similar man-in-the-middle attack from working with the same method and being able to observe the traffic that passes through it.

One known issue with the WSUS 3.0 SP2 update comes into play if your environment uses an https or SSL content inspection. Windows Update traffic will need to have a rule created that tunnels the traffic without inspection. More details are available in KB 2720211. With these updates applied, Microsoft will be using hashes with all future Windows Updates so attackers will be unable to use Windows Update as a distribution vehicle in the future.

Filed Under: Security and Privacy

Trending

  • MonoPrice.com – Quality Cables At Low Prices
    In Hardware, Gadgets, and Products, Media, Network
  • How to sideload Android apps to Amazon’s Fire TV
    In Hardware, Gadgets, and Products
  • Java 7 “Application Blocked by Security Settings”
    In Software, Tech Solutions

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • customer contactless payment for drink with mobile phon at cafe counter bar,seller coffee shop accept payment by mobile.new normal lifestyle concept The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO   How Digital Technology Brought the Rise of the CMO  
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO  

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in