Microsoft Update Product Team Blog

Latest happenings, developments, and news from the MU product team...

Upcoming Update for Microsoft Update Client

Upcoming Update for Microsoft Update Client

  • Comments 11
  • Likes

Hello,

In an effort to provide additional protection for customers, we are releasing an update that further enhances the security of Windows Update / Microsoft Update (WU/MU) Client.

Improvements include further hardening of infrastructure used by WU/MU client and a more secure communication channel between WU/MU Client and Service.

The update is applicable to Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows 8, Windows RT, Windows Server 2012 and the rollout will begin today. Similar to past updates, this update will be automatically installed if Automatic Updates is turned ON, either set to automatically install updates or notify to download/install updates.

Details on the changes to the WU/MU client can be found at KB 2887535.

As with past updates, this update will not change your current Windows Update or Automatic Updates settings. Anytime Windows Update (or Automatic Updates) is turned ON, either set to automatically install updates or notify to download/install updates, Windows Update will take care of updating itself.

It's important to keep your PC up to date with the latest updates to keep your PC running smoothly and safely.

WU/MU Team

Comments
  • This Update (for client OS) will also arrive by WSUS ?
    Will WSUS itself also be updated to show proper Client OS names (Windows 8.1) when WSUS is running on older OS below 2012R2 (e.g 2008R2)

  • Hi, nice to know but when can we expect this within WSUS?

    This update is unavailable currently for deployment through Windows Server Update Services (WSUS) or as a stand-alone package. When it becomes available, the information will be made available in this article.

  • Normally updates arrives @10:00am (GMT-8)

  • I am curious about the WSUS timing but more importantly will this improve error messaging when the client encounters an issue. This has long been a pain point is troubleshooting a client that is failing to install updates, cryptic error messages that are often undocumented or very poorly documented.

  • Can this be downloaded manually for deployment purposes. Not in Windows Catalog.

  • To Ed,
    Read KB Article carefully:
    "This update is unavailable currently for deployment through Windows Server Update Services (WSUS) or as a stand-alone package. When it becomes available, the information will be made available in this article."

  • Please backport this to Windows Vista Service Pack 2!

  • Hi Ian

    "A more secure communication channel between the WU/MU client and Service" and
    "Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 with update 2919355 already include these improvements" (see http://blogs.technet.com/b/wsus/archive/2014/04/16/solution-to-kb2919355-preventing-interaction-with-wsus-3-2-over-ssl.aspx)
    is a indication that they will raise the TLS (to TLS 1.2) level of the WSUS Client and maybe the ssl ciphers that are used with this update.

    Due Vista and 2008 do not Support TLS 1.2 and newer ciphers.
    Therefore this patch would not make sense for OS older than Win7

  • http://msdn.microsoft.com/en-us/library/aa374757%28v=VS.85%29.aspx (TLS / Ciphers in Win7)
    http://msdn.microsoft.com/en-us/library/ff468651(v=vs.85).aspx (TLS / Ciphers in Vista)

  • http://blogs.technet.com/b/wsus/archive/2014/07/08/upcoming-update-to-wsus-kb-2887535.aspx

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment