Page 1 of 1

Additional SW support (not only Windows + Office)

PostPosted: 27.04.2015, 15:15
by IBU
Dear admin,

do you consider extending supported SW beyond the level of Windows + Office?
In ideal case components that are frequently installed (SQL Express, Silverlight, ASP.NET MVC, ...) could be patch-able as well.
The suitable timing could be dropping of the support of the Server 2003 (so the amount of supported SW remains balanced).
Thank you for your opinion.

Regards,
M.

Re: Additional SW support (not only Windows + Office)

PostPosted: 27.04.2015, 20:42
by aker
:arrow: viewtopic.php?f=7&t=172

There is no full catalog of all MS Updates, so it is impossible to support every MS product; some programs (Silverlight, MSSE) have static definitions, so wsusou is able to update them.

Re: Additional SW support (not only Windows + Office)

PostPosted: 28.04.2015, 08:56
by IBU
Hello aker,

thank you a lot for your answer. I agree with you, full coverage of all MS products would be perhaps too much.
I was just assuming that if MBSA is able to detect missing security updates for other MS software(SQL server express, ASP.NET MVC, ...), that WSUS Offline would be theoretically able to patch them. Because those both tools use the same catalog to scan - WSUSSCN2.CAB
Could you please give us very brief explanation of which products are cover by static / dynamic Security Updates links?
Thank a lot for you response.

Cheers,
M.

Re: Additional SW support (not only Windows + Office)

PostPosted: 28.04.2015, 17:14
by aker
Static updates are: root certificates, IE, WMP, PowerShell, MSSE, Windows Defender definitions, Silverlight, C++, .NET and the WMF.
Everything else is handled by wsusscn2.cab and the Windows Update Agent.

Re: Additional SW support (not only Windows + Office)

PostPosted: 29.04.2015, 08:22
by Gerby
Hi,

The Service Packs (for Windows and Office) are also handled as static updates.

Greetz
Gerby

Re: Additional SW support (not only Windows + Office)

PostPosted: 29.04.2015, 11:09
by IBU
Hi Aker and Gerby,

thank you a lot for your detailed explanation.
I have checked MBSA documentation and it seems that security updates for all of the following products are included in WSUSSCN2.CAB:

Microsoft® Baseline Security Analyzer (MBSA) checks to ensure that you have the latest security updates, update rollups and service packs for all products being serviced by the Microsoft Update site. This includes, but is not limited to the following:
•Microsoft® Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2
•Internet Information Server (IIS) 5.0, 5.1 and IIS 6.0
•SQL Server™ 2000 and 2005 (including Microsoft Data Engine)
•Internet Explorer 5.01 and later
•Windows Media Player 6.4 and later
•Exchange Server 2000, 2003 and 2005 (including Exchange administrative tools)
•Microsoft Data Access Components (MDAC) - all supported versions
•Microsoft Virtual Machine (VM)
•MSXML - all supported versions
•Microsoft Office XP (2002), Office System 2003 and Office 2007
•.Net Framework 1.0, 1.1, 2.0 and later
•Microsoft DirectX
See the Microsoft Web site for the current list of products
Security update checks are performed by using information obtained directly from the Microsoft Update site (online), a Windows Server Update Services (WSUS) server, or from an offline catalog (CAB) file when offline


Isn't it possible to "simply" download all security updates for all products listed above using the WSUSSCN2 catalog? (and not static links)
But maybe I just missed some important piece of information.
Thank you again for your time and explanation!

Cheers,
M.

Re: Additional SW support (not only Windows + Office)

PostPosted: 23.01.2018, 07:57
by privateren
So In short as of now, If I want to update MSSQL server in my windows server using wsusoffline. It is not possible right? :roll:

Re: Additional SW support (not only Windows + Office)

PostPosted: 23.01.2018, 10:34
by Gerby
Hello privateren,

I'm afraid, you're right.

Unfortunately the catalog is not containing the same structure and information for each product group, thus, the extraction mechanism must be adapted. And compromises must be made, too. For example, Office updates cannot be distinguished to which package (2016, 2013, ...) they belong, thus WSUS Offline update has to download most of the updates, even if they won't be needed for the target systems.

The primary aim of WSUS Offline Update is bringing a Windows installation to a security state so that the risk of a first connection to the (inter-) net is decreased. Everything else (especially Office updates) is a goodie.

Greetz
Gerby

P.S.: I've deleted your other post with the same question.