Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Critical/Security Updates as well as other Patch Management

From: "Teodorski, Chris" <cteodorski () ppg com>
Date: Thu, 13 Mar 2003 11:41:56 -0500
Jason,

Are their known vulnerabilities with Windows Update and the client side code?

Chris

-----Original Message-----
From: Jason Coombs [mailto:jasonc () science org]
Sent: Thursday, March 13, 2003 2:38 PM
To: Jed Needle; security-basics () securityfocus com
Subject: RE: Critical/Security Updates as well as other Patch Management


SUS is nothing more than a filter for windowsupdate.com that tells managed
boxes not to allow windowsupdate.com to install anything other than the
subset of updates approved by the SUS administrator.

Each Windows box still uses Windows update directly, so all vulnerabilities
that impact Windows update and the client-side code that talks to
windowsupdate.com are still present when SUS is used.

Jason Coombs
jasonc () science org

-----Original Message-----
From: Jed Needle [mailto:jed () vitel com]
Sent: Tuesday, March 11, 2003 12:24 PM
To: security-basics () securityfocus com
Subject: RE: Critical/Security Updates as well as other Patch Management


On Microsoft platforms there is a patch management util called SUS
"software update service?? (I think)
Once configured, the server will automatically download relevant
patches, you then point the clients to the sus server and push updates
to clients that way.

Jed
Previous By Date Next
Previous By Thread Next

Current thread: