Additional SW support (not only Windows + Office)

Additional SW support (not only Windows + Office)

Postby IBU » 27.04.2015, 16:15

Dear admin,

do you consider extending supported SW beyond the level of Windows + Office?
In ideal case components that are frequently installed (SQL Express, Silverlight, ASP.NET MVC, ...) could be patch-able as well.
The suitable timing could be dropping of the support of the Server 2003 (so the amount of supported SW remains balanced).
Thank you for your opinion.

Regards,
M.
IBU
 
Posts: 22
Joined: 26.09.2014, 10:34

Re: Additional SW support (not only Windows + Office)

Postby aker » 27.04.2015, 21:42

:arrow: viewtopic.php?f=7&t=172

There is no full catalog of all MS Updates, so it is impossible to support every MS product; some programs (Silverlight, MSSE) have static definitions, so wsusou is able to update them.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to sell it.
aker
aker
 
Posts: 3029
Joined: 02.03.2011, 16:32
Location: /dev/kmem

Re: Additional SW support (not only Windows + Office)

Postby IBU » 28.04.2015, 09:56

Hello aker,

thank you a lot for your answer. I agree with you, full coverage of all MS products would be perhaps too much.
I was just assuming that if MBSA is able to detect missing security updates for other MS software(SQL server express, ASP.NET MVC, ...), that WSUS Offline would be theoretically able to patch them. Because those both tools use the same catalog to scan - WSUSSCN2.CAB
Could you please give us very brief explanation of which products are cover by static / dynamic Security Updates links?
Thank a lot for you response.

Cheers,
M.
IBU
 
Posts: 22
Joined: 26.09.2014, 10:34

Re: Additional SW support (not only Windows + Office)

Postby aker » 28.04.2015, 18:14

Static updates are: root certificates, IE, WMP, PowerShell, MSSE, Windows Defender definitions, Silverlight, C++, .NET and the WMF.
Everything else is handled by wsusscn2.cab and the Windows Update Agent.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to sell it.
aker
aker
 
Posts: 3029
Joined: 02.03.2011, 16:32
Location: /dev/kmem

Re: Additional SW support (not only Windows + Office)

Postby Gerby » 29.04.2015, 09:22

Hi,

The Service Packs (for Windows and Office) are also handled as static updates.

Greetz
Gerby
Mach mit - der Übersichtlichkeit wegen! Füge Log-Auszüge als [Code] ein.
Make it clear! Insert log excerpts as [Code].
Gerby
 
Posts: 461
Joined: 11.09.2009, 16:57
Location: DE > SH > SE

Re: Additional SW support (not only Windows + Office)

Postby IBU » 29.04.2015, 12:09

Hi Aker and Gerby,

thank you a lot for your detailed explanation.
I have checked MBSA documentation and it seems that security updates for all of the following products are included in WSUSSCN2.CAB:

Microsoft® Baseline Security Analyzer (MBSA) checks to ensure that you have the latest security updates, update rollups and service packs for all products being serviced by the Microsoft Update site. This includes, but is not limited to the following:
•Microsoft® Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2
•Internet Information Server (IIS) 5.0, 5.1 and IIS 6.0
•SQL Server™ 2000 and 2005 (including Microsoft Data Engine)
•Internet Explorer 5.01 and later
•Windows Media Player 6.4 and later
•Exchange Server 2000, 2003 and 2005 (including Exchange administrative tools)
•Microsoft Data Access Components (MDAC) - all supported versions
•Microsoft Virtual Machine (VM)
•MSXML - all supported versions
•Microsoft Office XP (2002), Office System 2003 and Office 2007
•.Net Framework 1.0, 1.1, 2.0 and later
•Microsoft DirectX
See the Microsoft Web site for the current list of products
Security update checks are performed by using information obtained directly from the Microsoft Update site (online), a Windows Server Update Services (WSUS) server, or from an offline catalog (CAB) file when offline


Isn't it possible to "simply" download all security updates for all products listed above using the WSUSSCN2 catalog? (and not static links)
But maybe I just missed some important piece of information.
Thank you again for your time and explanation!

Cheers,
M.
IBU
 
Posts: 22
Joined: 26.09.2014, 10:34

Re: Additional SW support (not only Windows + Office)

Postby privateren » 23.01.2018, 08:57

So In short as of now, If I want to update MSSQL server in my windows server using wsusoffline. It is not possible right? :roll:
privateren
 
Posts: 5
Joined: 08.12.2017, 12:22

Re: Additional SW support (not only Windows + Office)

Postby Gerby » 23.01.2018, 11:34

Hello privateren,

I'm afraid, you're right.

Unfortunately the catalog is not containing the same structure and information for each product group, thus, the extraction mechanism must be adapted. And compromises must be made, too. For example, Office updates cannot be distinguished to which package (2016, 2013, ...) they belong, thus WSUS Offline update has to download most of the updates, even if they won't be needed for the target systems.

The primary aim of WSUS Offline Update is bringing a Windows installation to a security state so that the risk of a first connection to the (inter-) net is decreased. Everything else (especially Office updates) is a goodie.

Greetz
Gerby

P.S.: I've deleted your other post with the same question.
Mach mit - der Übersichtlichkeit wegen! Füge Log-Auszüge als [Code] ein.
Make it clear! Insert log excerpts as [Code].
Gerby
 
Posts: 461
Joined: 11.09.2009, 16:57
Location: DE > SH > SE


Return to Anregungen / Suggestions

Who is online

Users browsing this forum: No registered users and 2 guests