The WSUS Support Team Blog

Microsoft security updates and the Common Vulnerability Reporting Framework

J.C. Hornbeck — Thu, 17 May 2012 22:09:00 GMT

As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established...(read more)

May 2012 Security Bulletin Webcast, Slide Deck, and Q&A

J.C. Hornbeck — Fri, 11 May 2012 19:33:00 GMT

Hello, Today we published the May Security Bulletin Webcast Questions & Answers page , and the May 2012 Security Bulletin Release Webcast slide deck . During the webcast, we fielded 8 questions on various topics, including bulletins released, deployment...(read more)

Bulletin Management Process and the May 2012 Bulletins

J.C. Hornbeck — Tue, 08 May 2012 17:07:00 GMT

Hello, Have you ever wondered why bulletins group particular issues together? Or one set of products and not another? Well today Jonathan Ness has posted an insightful Security Research & Defense (SRD) blog discussing some of the nuances and packaging...(read more)

MAPP Update: Taking Action to Decrease Risk of Information Disclosure

J.C. Hornbeck — Thu, 03 May 2012 17:32:12 GMT

During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member of the MAPP program, Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure...(read more)

Advanced Notification Service for May 2012 Security Bulletin Release

J.C. Hornbeck — Thu, 03 May 2012 17:11:00 GMT

Hello, Today we’re releasing our advance notification for the May security bulletin release, which is scheduled for Tuesday, May 8. This month’s release includes 7 bulletins addressing 23 vulnerabilities in Microsoft Windows, Office, Silverlight...(read more)

Beta version of the WSUS Management Pack for Windows Server 2012 is now available

J.C. Hornbeck — Thu, 19 Apr 2012 20:50:00 GMT

We are pleased to announce that the WSUS Management Pack (MP) beta for Windows Server 2012 is live and now available to TAP users. This Management Pack is available for you to test with on your Windows Server 2012 beta and can be found at our Connect site here.

IMPORTANT NOTES:

The use of this Management Pack in a production environment is not authorized or supported.
This Management Pack can only be installed in System Center 2012 Operations Manager

We look forward to your feedback!

Thank you,

The System Center Team

Get the latest System Center news on Facebook and Twitter:

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

April 2012 Security Bulletin Webcast and Q&A

J.C. Hornbeck — Fri, 13 Apr 2012 21:30:00 GMT

Hello, Today we published the April Security Bulletin Webcast Questions & Answers page , and the slide deck presented in the webcast. We fielded 15 questions on various topics during the webcast, including bulletins released, deployment tools,...(read more)

WSUS on Windows Server “8” Administrative Tasks using PowerShell – Part 1

J.C. Hornbeck — Thu, 12 Apr 2012 14:26:18 GMT

Author: Yuri Diogenes - Senior Technical Writer

Technical Reviewers: Cecilia Cole - Program Manager, Travis Plunk - Software Developer Engineer

In our previous post, we demonstrated how to install the WSUS Role on Windows Server “8” using PowerShell. This post will demonstrate how to leverage WSUS PowerShell Cmdlets to perform core administrative tasks. This post will be divided in two parts: The first part will cover some WSUS common queries using PowerShell and second part will cover some WSUS configuration via PowerShell.

Obtaining a list of Computers

Use Get-WsusComputer to get a listing of all computers that are reporting to WSUS. This command also allows you to obtain more information by the computer’s full qualified domain name and filter criteria (operating system, name, etc).

To list all computers use the parameter -all as shown in the example below:

To list all computers based on a string that is part of the computer’s full name, use the -nameincludes parameter as shown in the example below:

Obtaining a Current Status for Updates

Use Get-WsusUpdate to obtain the current status for WSUS updates. The example below shows a list of all updates that are classified as security updates:

Obtaining a list of Products

Use Get-WsusProduct to obtain the list of all programs that are currently configured to provide updates via WSUS. If you run this command without any parameters it will list all programs. To view the full list of products, run the command without parameters as shown below:

You can leverage the PowerShell comparison operator’s capability to create filters by conditions as shown in the following example:

Conclusion

In this post you learned how to use some of the WSUS PowerShell cmdlet to obtain information about WSUS updates and computers reporting to WSUS. In the next post, we will explain how to use another set of WSUS PowerShell cmdlets to configure WSUS.

Stay tuned for more exciting stuff on this blog and the Windows Server Blog from the server leadership team.

Yuri Diogenes | Senior Technical Writer

Get the latest System Center news on Facebook and Twitter:

New WSUS categories coming for System Center 2012 – App Controller and System Center 2012 – Virtual Machine Manager

J.C. Hornbeck — Tue, 10 Apr 2012 20:56:55 GMT

In case you missed the announcement, looks like we have two new WSUS categories to look forward to: System Center 2012 – App Controller and System Center 2012 – Virtual Machine Manager. The WSUS product team says we’ll see these new categories when new updates are available for these products.

New product categories under System Center family : http://blogs.technet.com/b/wsus/archive/2012/04/06/new-product-categories-under-system-center-family.aspx

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter:

Windows XP and Office 2003 countdown to end of support, and the April 2012 bulletins

J.C. Hornbeck — Tue, 10 Apr 2012 17:02:51 GMT

Hello, As you know, today is Update Tuesday. Before I go into the bulletin details, however, I wanted to let you know that today we’re notifying customers that Windows XP and Office 2003 will go out of support in April 2014 . We understand that...(read more)

Advance Notification Service for April 2012 security bulletin release

J.C. Hornbeck — Thu, 05 Apr 2012 17:10:00 GMT

Hello, Today we’re releasing our advance notification for the April security bulletin release, which is scheduled for Tuesday, April 10. This month’s release includes 6 bulletins addressing 11 vulnerabilities in Microsoft Windows, Microsoft...(read more)

WSUS administration best practices recommended to ease Forefront Endpoint Protection (and Client Security) deployment (en-US)

J.C. Hornbeck — Wed, 04 Apr 2012 14:41:08 GMT

Here’s a cool article I found while going through what was new over on our community-driven TechNet Wiki. This one discusses some best practices for WSUS that should ease Microsoft Forefront Endpoint Protection and Client Security deployments. And as with all of the Wiki articles, if you have some tips of your own please feel free to add them in.

Forefront Client Security and Endpoint Protection both use WSUS infrastructure in different ways. This, unless your Forefront update policy uses a network share to deploy the updates. The goal of this article is not to explain the relationship between Forefront and WSUS in details, but to provide best practices regarding WSUS management and administration, that will surely ease FCS/FEP deployment, and even avoid certain issues (eg: updating failures).

The key point to remember is that FCS and FEP may really rely a lot on the WUA's (Windows Updates Agent) health and performance, on the client computers. Below are a few points, role-based: clients, and Server-based (mostly WSUS), that are known to ease Forefront deployment and updating…

You can continue reading the rest of the article here:

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter:

BlueHat Prize: And now the fun begins

J.C. Hornbeck — Wed, 04 Apr 2012 01:22:00 GMT

The entry window for the first annual BlueHat Prize closed at 11:59pm PDT on April 1. We've been eagerly awaiting a final entry count from the contest organizers, and senior security strategist Katie Moussouris has just posted that tally on the EcoStrat...(read more)

WSUS File Size Limit for Locally Published Updates (en-US)

J.C. Hornbeck — Mon, 02 Apr 2012 18:52:00 GMT

Here’s one more article on WSUS that I found over on our TechNet Wiki page today. This one describes and issue where publishing an update larger than 2GB in size will fail:

Consider a scenario where the following tasks are performed in WSUS running on Windows Server “8” Beta:

- The WSUS API is used to create and publish custom updates, applications, and device drivers – a locally published update.
- The SoftwareDistributionPackage class is used to author a package
- The IPublisher interface is used to publish the package to a WSUS server
- The total size of the package exceeds 2047 MB
- The PublishPackage method is used to create a CAB file for the package and to publish the package on the WSUS server

The expected result is that the package is published on the WSUS server. However, the PublishPackage method will fail to create the CAB file.

You can read the rest of the article here.

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter:

Search for updates returns declined updates in WSUS on Windows Server 8 Beta

J.C. Hornbeck — Mon, 02 Apr 2012 15:28:44 GMT

Here’s another cool WSUS article I found over on our TechNet Wiki page this morning. This one describes and issue where a search for updates returns declined updates on the Windows Server 8 beta:

Consider a scenario where the following tasks are performed in WSUS running on Windows Server “8” Beta:

A default synchronization was done using the default configuration
An update was declined
A search for updates is performed for a term (for example the update number) from the declined updates

The expected result is that WSUS shows only Updates that are not declined, however the actual result is that declined and non-declined update are returned…

You can read the rest of the article here.

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter:

6...5...4...3...2...

J.C. Hornbeck — Mon, 26 Mar 2012 19:25:00 GMT

Nearly nine months after we announced the first annual BlueHat Prize competition for innovations in defensive security technologies, we’re just days away from the submission deadline. On the EcoStrat blog today, Senior Security Strategist Katie...(read more)

Installing WSUS on Windows Server “8” Beta using PowerShell

J.C. Hornbeck — Tue, 20 Mar 2012 18:07:41 GMT

Authors:

Travis Plunk, Software Developer Engineer
Yuri Diogenes, Senior Technical Writer

Technical Reviewers:

Cecilia Cole, Program Manager

In our previous post, we demonstrated how to install the WSUS Role on the Windows Server “8” Beta using the new Server Manager. In this post you will learn how to perform the same task using PowerShell.

To install WSUS on Windows Server “8” Beta using PowerShell, follow the steps below:

1. Sign in on Windows Server “8” Beta

2. On the taskbar click Windows PowerShell button.

3. In the PowerShell Console type Install-WindowsFeature -Name UpdateServices, UpdateServices-Ui and press ENTER.

4. The installation process will start and a progress counter will appear on the screen. Wait until the installation reaches 100% and you receive a message that the installation succeeded before moving on to the next step.

5. Type & ‘C:\Program Files\Update Services\Tools\WsusUtil.exe’ postinstall contentdir=C:\Mycontent and press ENTER.

6. Wait until you receive the message that the post installation successfully finished.

8. Type Exit and press ENTER to leave the PowerShell interface.

At this point the WSUS installation is completed and you may launch the WSUS Console using the Tools menu. When you launch WSUS for the first time the WSUS Configuration Wizard will appear. For more information about how to configure WSUS, read Step 3: Configure WSUS in the Deploying Windows Server Updates Services in the Organization article at the TechNet Library.

If you want to perform the full installation and post installation tasks using PowerShell you should run this script once you finish the installation via PowerShell.

Stay tuned for more exciting stuff on this blog and the Windows Server Blog from the server leadership team.

Yuri Diogenes | Senior Technical Writer

Get the latest System Center news on Facebook and Twitter:

March 2012 Security Bulletin Webcast and Q&A

J.C. Hornbeck — Fri, 16 Mar 2012 23:44:00 GMT

Hello, Today we published the March Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded twelve questions focusing on MS12-020 (aka “the RDP update”). Two additional questions for MS12-022 regarding Microsoft...(read more)

Proof-of-Concept Code available for MS12-020

J.C. Hornbeck — Fri, 16 Mar 2012 20:17:00 GMT

On March 15, we became aware of public proof-of-concept code that results in denial of service for the issue addressed by MS12-020 , which we released Tuesday. We continue to watch the threat landscape and we are not aware of public proof-of-concept...(read more)

Strength, flexibility and the March 2012 security bulletins

J.C. Hornbeck — Tue, 13 Mar 2012 16:48:00 GMT

Hello. Today we’re releasing six security bulletins – one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. We recommend that customers focus on MS12...(read more)

March 2012 ANS

J.C. Hornbeck — Thu, 08 Mar 2012 18:50:00 GMT

Hello. Today we’re releasing our advance notification for the March security bulletin release, which is scheduled for Tuesday, March 13. This month’s release includes six bulletins addressing seven vulnerabilities in Microsoft Windows, Visual...(read more)

How WSUS and Cluster-Aware Updating are affected by Windows Server 8 Beta Updates

J.C. Hornbeck — Mon, 05 Mar 2012 21:02:52 GMT

Just a quick FYI on an article over on our TechNet Wiki regarding how WSUS and Cluster-Aware Updating are affected by Windows Server 8 Beta updates:

There are two known issues with Windows Server "8" Beta update process:

Windows 8 Beta Updates are not marked for WSUS
The Beta Microsoft Update Catalog is not available for WSUS on Windows Server “8” Beta

Pre-release updates, including Windows “8” Consumer Preview and Windows Server “8” Beta updates, are not marked for WSUS.
Normally when updates are not marked for WSUS, you can still import them via Microsoft Update Catalog. However, the Beta Microsoft Update Catalog Website is currently not available for WSUS. Therefore, the import mechanism does not work. Updates for existing products that are marked for WSUS continue to be marked for WSUS.

For all the details and the workaround please see the following:

How WSUS and Cluster-Aware Updating are affected by Windows Server 8 Beta Updates : http://social.technet.microsoft.com/wiki/contents/articles/7891.how-wsus-and-cluster-aware-updating-are-affected-by-windows-server-8-beta-updates.aspx

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter:

Getting started with WSUS in the Windows Server 8 beta: Installing the WSUS role using the new Server Manager

J.C. Hornbeck — Fri, 02 Mar 2012 14:00:00 GMT

Author:
Yuri Diogenes, Senior Technical Writer

Technical Reviewers:
Travis Plunk, Software Developer Engineer
Cecilia Cole, Program Manager
J.C. Hornbeck, Knowledge Engineer

Windows Server Update Services (WSUS) is now built in to the Windows Server 8 beta as a Server Role. We launched a series of new articles at TechNet Library about the new WSUS and you can access them here. Throughout this month we plan to release one article per week about some of the new WSUS capabilities, however before we go further on those new capabilities it is important that you learn how to easily install WSUS using the new Server Manager in Windows Server 8 beta.

To install WSUS on the Windows Server 8 beta follow the steps below:

1. Sign in to Windows Server 8 beta

2. On Server Manager, in the Dashboard click Add roles and features as shown below:

3. In the Add Roles and Feature Wizard, in the Before you begin page, click Next.

4. In the Select installation page, select Role-based or feature-based installation as shown below and click Next.

5. In the Select destination server page, select the option that is most appropriate for your deployment. For this example we will use the option Select a server from the server pool as shown below and then click Next.

6. In the Select server roles page, scroll down the roles field and select Windows Server Update Services. In the Add Roles and Features Wizard dialog box, click Add Features button as shown below and click Next.

7. In the Select features page click Next.

8. In the Web Server Role (IIS) page click Next.

9. In the Select role services page click Next.

10. In the Windows Server Update Service page click Next.

11. In the Select role services page, select the options that are most appropriated for your deployment. For the purpose of this example the default selections will be used as shown below. Once you select it click Next to continue.

12. In the Content location selection page make sure to type a valid local path to where you want to store the updates. For the purpose of this example the path in use is C:\WSUSUpdates as shown below. After typing the path click Next to proceed.

13. In the Confirm installation selections page select the option Restart the destination server automatically if required. In the Add Roles and Features Wizard dialog box click Yes and then click Install button. The installation process will start as shown below:

14. Wait until the installation succeed and click Close button.

NOTE You can safely click Close button that the installation will continue in background.

15. Once you close it, you will notice an orange warning in the Server Manager Dashboard menu as shown below:

16. Click on it and click the option Launch Post-installation tasks as shown below:

NOTE Although it may appear that nothing is happening, if you click again the orange warning you will see that the Post-deployment Configuration is taking place. You can click in Task Details to see more information about the current state of this operation. The Task Details window appears as shown below:

17. Once the Post-Configuration is finished, the orange warning should disappear and a flag with the amount of tasks that were completed will appear.

At this point the WSUS installation is complete and you may launch WSUS Console using the Tools menu. When you launch WSUS for the first time the WSUS Configuration Wizard will appear. For more information about how to configure WSUS, read Step 3: Configure WSUS in the Deploying Windows Server Updates Services in the Organization article at TechNet Library.

In our next blog post we will discuss about installing WSUS Role using PowerShell, so stay tuned!

Yuri Diogenes | Senior Technical Writer

Get the latest System Center news on Facebook and Twitter:

New WSUS category for Forefront Identity Manager 2010

J.C. Hornbeck — Tue, 28 Feb 2012 15:49:02 GMT

A new product category will be added to your WSUS server under the Forefront family, entitled Forefront Identity Manager 2010. You will see this new category when new updates are available for this product. We encourage you to sync this new category if you have these products in your managed environment. For additional information about this product, please visit http://www.microsoft.com/en-us/server-cloud/forefront/identity-manager-overview.aspx

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter:

February 2012 Security Bulletin Webcast and Q&A

J.C. Hornbeck — Fri, 17 Feb 2012 18:37:00 GMT

Hello, Today we published the February Security Bulletin Webcast Questions & Answers page . We fielded ten questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. Many of the questions...(read more)