• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Windows Updates and WSUS hardening to prevent abuse

Windows Updates and WSUS hardening to prevent abuse

2012-06-11 by Jason

Tomorrow will be June’s Patch Tuesday for Microsoft. Seven security bulletins were posted to address a number of remote code execution critical vulnerabilities and important elevation of privilege vulnerabilities. Even with Patch Tuesday coming tomorrow, Microsoft has already been busy this month releasing two updates to harden Windows Updates and WSUS in response to the Flame malware.

You can find out more about the Updates coming tomorrow that address vulnerabilities in Windows, Internet Explorer, the .NET framework, Office, and other Microsoft applications from this month’s Security Bulletin.

Meanwhile, Microsoft technologies were manipulated to spread the Flame malware. As a result, Microsoft has been busy patching the affected services to correct their flaws.

From the WSUS Product Team Blog, Microsoft has updated Windows Updates for all clients and WSUS 3.0 SP2 for WSUS servers.

Clients should automatically receive update 2718704 for their Windows Updates services unless they have updates set to manual checking. If that is the case, Windows Updates can be manually checked to get the necessary updates.

Please follow the following steps to ensure a smooth deployment:

  1. Apply Security Advisory Update 2718704, issued on June 3, which moved unauthorized digital certificates derived from a Microsoft Certificate Authority to the Untrusted Store.
  2. Apply the WSUS update, issued on June 08, see KB 2720211.

The Microsoft Security Response Center blog has more details on how the attack worked and took advantage of the services. The important information is to get Update 2718704 installed on all clients and update WSUS if you use it in your environment. The updates prevent a similar man-in-the-middle attack from working with the same method and being able to observe the traffic that passes through it.

One known issue with the WSUS 3.0 SP2 update comes into play if your environment uses an https or SSL content inspection. Windows Update traffic will need to have a rule created that tunnels the traffic without inspection. More details are available in KB 2720211. With these updates applied, Microsoft will be using hashes with all future Windows Updates so attackers will be unable to use Windows Update as a distribution vehicle in the future.

Filed Under: Security and Privacy

Trending

  • Out-of-band update available for Adobe Flash Player
    In Security and Privacy, Software
  • Nexus 6P powers off when battery hits 25%
    In Hardware, Gadgets, and Products, Tech Solutions
  • Disable Firefox 3’s New “Awesome” Bar
    In Software, Tech Solutions

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • Configure Outlook to recurring appointments for the last weekday of the month Configure Outlook to recurring appointments for the last weekday of the month
  • 3d rendering circuit cloud for cloud computing technology Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource Telecom Application Development: When to Outsource
  • Printer printing document wirelessly from mobile phone or smartphone wifi connection vector flat cartoon illustration, file air print on fax or ink jet via cellphone bluetooth modern design Why Your Business Needs Online Fax Services In 2022
  • 6 Best Ways to Protect Your Business Account 6 Best Ways to Protect Your Business Account
  • How to download videos from Instagram How to download videos from Instagram
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource
  • Why Your Business Needs Online Fax Services In 2022

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2022 · Magazine Pro Theme on Genesis Framework · WordPress · Log in