• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Windows Updates and WSUS hardening to prevent abuse

Windows Updates and WSUS hardening to prevent abuse

2012-06-11 by Jason

Tomorrow will be June’s Patch Tuesday for Microsoft. Seven security bulletins were posted to address a number of remote code execution critical vulnerabilities and important elevation of privilege vulnerabilities. Even with Patch Tuesday coming tomorrow, Microsoft has already been busy this month releasing two updates to harden Windows Updates and WSUS in response to the Flame malware.

You can find out more about the Updates coming tomorrow that address vulnerabilities in Windows, Internet Explorer, the .NET framework, Office, and other Microsoft applications from this month’s Security Bulletin.

Meanwhile, Microsoft technologies were manipulated to spread the Flame malware. As a result, Microsoft has been busy patching the affected services to correct their flaws.

From the WSUS Product Team Blog, Microsoft has updated Windows Updates for all clients and WSUS 3.0 SP2 for WSUS servers.

Clients should automatically receive update 2718704 for their Windows Updates services unless they have updates set to manual checking. If that is the case, Windows Updates can be manually checked to get the necessary updates.

Please follow the following steps to ensure a smooth deployment:

  1. Apply Security Advisory Update 2718704, issued on June 3, which moved unauthorized digital certificates derived from a Microsoft Certificate Authority to the Untrusted Store.
  2. Apply the WSUS update, issued on June 08, see KB 2720211.

The Microsoft Security Response Center blog has more details on how the attack worked and took advantage of the services. The important information is to get Update 2718704 installed on all clients and update WSUS if you use it in your environment. The updates prevent a similar man-in-the-middle attack from working with the same method and being able to observe the traffic that passes through it.

One known issue with the WSUS 3.0 SP2 update comes into play if your environment uses an https or SSL content inspection. Windows Update traffic will need to have a rule created that tunnels the traffic without inspection. More details are available in KB 2720211. With these updates applied, Microsoft will be using hashes with all future Windows Updates so attackers will be unable to use Windows Update as a distribution vehicle in the future.

Filed Under: Security and Privacy

Trending

  • GoToMyPC resets all users’ passwords
    In Security and Privacy
  • How to use the Internet for grandparents
    In Infographics
  • HP’s WiFi Mobile Mouse – Dongle-Free For Your Convenience
    In Hardware, Gadgets, and Products, News

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business
  • Benefits of End-To-End Testing That Will Match Company Expectations Benefits of End-To-End Testing That Will Match Company Expectations
  • 3 Key Features of Pets Health Monitoring Systems 3 Key Features of Pets Health Monitoring Systems
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in