Use WSUS Offline for Adove, IE and .Net Updates

Use WSUS Offline for Adove, IE and .Net Updates

Postby grinpress » 25.12.2017, 14:28

Hello Forum.
I am wondering whether I can use WOU Tool for downloading and installing security updates for:
- Adobe Flash Player
- Internet Explorer
. .Net

Thanks
grinpress
 
Posts: 24
Joined: 25.12.2017, 13:52

Re: Use WSUS Offline for Adove, IE and .Net Updates

Postby boco » 25.12.2017, 17:44

Adobe Flash Player - Only the one that comes with Windows 8 and above will be updated. You might be able to add the NPAPI or Pepper Flash Installer manually, if they support command line arguments. Flash will be EOL in 2020.
Internet Explorer - IE is covered by WOU, but only the latest version for each platform, as per MS guidelines.
.NET - Dotnet is covered, you need to check the "Include C++ Runtime Libraries and .NET Frameworks" checkbox in UpdateGenerator.exe.
Microsoft update catalog: http://catalog.update.microsoft.com/v7/site/
Windows Install media download: https://support.microsoft.com/en-us/help/15088/windows-create-installation-media
boco
 
Posts: 2398
Joined: 24.11.2009, 17:00
Location: Germany

Re: Use WSUS Offline for Adove, IE and .Net Updates

Postby grinpress » 25.12.2017, 18:14

thanks a lot for that. I need this info for Windows 10 ans Server 2012.
Can you please specify regarding the Adobe or direct me to the link on how to add manual commands.
for internet explorer - if i use security only option, will ie be updated ?
grinpress
 
Posts: 24
Joined: 25.12.2017, 13:52

Re: Use WSUS Offline for Adove, IE and .Net Updates

Postby Dalai » 25.12.2017, 18:54

grinpress wrote: Can you please specify regarding the Adobe or direct me to the link on how to add manual commands.

Adobe Flash Player is included in normal Windows updates starting with Win8. You don't have to do anything to get these updates since WSUS Offline downloads and installs them normally (AFAIK).

for internet explorer - if i use security only option, will ie be updated ?

Since the /seconly switch only does anything on Win7 and 8.1 (and their Server counterparts), it's only relevant there. Yes, IE will receive security updates, regardless of /seconly switch, but only the latest version as boco already mentioned. On Win10, WSUS Offline should take care of all updates, including IE; don't know whether or not they're separate or included in the cumulative updates. Note that WSUS Offline DOES NOT upgrade Win10 to a newer release, e.g. from 1703 to 1709.

Regards
Dalai
Dalai
 
Posts: 1041
Joined: 12.07.2016, 21:00

Re: Use WSUS Offline for Adove, IE and .Net Updates

Postby boco » 26.12.2017, 07:48

grinpress wrote:Can you please specify regarding the Adobe or direct me to the link on how to add manual commands.
Unfortunately not, I do not use Flash for many years. Check out the resources on the Adobe Flash site, especially those meant for enterprises. There might even be MSI packages offered (WOU has a feature for integrating third party MSI).

Dalai wrote:Adobe Flash Player is included in normal Windows updates starting with Win8. You don't have to do anything to get these updates since WSUS Offline downloads and installs them normally (AFAIK).
Freeze! Only AXFlash (ActiveX for IE/Edge) is in Windows Update! The other types of Flash, NPAPI (Netscape/Mozilla) and PPAPI (Pepper) aren't!
Microsoft update catalog: http://catalog.update.microsoft.com/v7/site/
Windows Install media download: https://support.microsoft.com/en-us/help/15088/windows-create-installation-media
boco
 
Posts: 2398
Joined: 24.11.2009, 17:00
Location: Germany

Re: Use WSUS Offline for Adove, IE and .Net Updates

Postby grinpress » 26.12.2017, 14:53

Boco, Dalai Thanks a lot for your help.
I've "played" with the Tool for 2 days and I am still a little bit confused
I selected Win 8.1 x64 ( Server 2012) and Security-only option, .
What I could see is that in 2017 (since Jan to Dec) with such a selection WSUS downloads the following :
1. one Adobe Flash Player patch appeared in December : kb4053577
2. one Internet Explorer IE11 patch appeared in December kb4052978
3. Few .Net patches : kb4040981,kb4040974 etc

So, my conclusion is:
1. seems WSUS is generally able to bring Adobe Flash Player patches for IE...but partially: DEcember kb4053577 it brings, but October KB4049179 and November November 2017 it does not bring.
I am not sure what the reason is . Do you have an idea ?
2. IE: WSUS is able to bring IE 11 cumulative patches. It knows to automatically supersede earlier cumulative patches: October KB4040685 Commulative patch is not included in WSUS package, but December kb4052978 is there. I I am right ?
3. For .Net
With SEc-only option WSUS brings a lot of .Net patches.
So, what's the difference if I would select "Include C++ and .Net" option ? I

And the last question : where WSUS keeps a catalog of what it will be downloading from MS site ( actually, MS Update Catalog) ?

Thanks a lot again
grinpress
 
Posts: 24
Joined: 25.12.2017, 13:52

Re: Use WSUS Offline for Adove, IE and .Net Updates

Postby Dalai » 26.12.2017, 15:22

boco wrote:Only AXFlash (ActiveX for IE/Edge) is in Windows Update! The other types of Flash, NPAPI (Netscape/Mozilla) and PPAPI (Pepper) aren't!

Yes, of course you're right.


grinpress wrote:So, my conclusion is:
1. seems WSUS is generally able to bring Adobe Flash Player patches for IE...but partially: DEcember kb4053577 it brings, but October KB4049179 and November November 2017 it does not bring.

The Flash player updates are cumulative, i.e. you only need the latest one. Just like with the "regular" Flash player for Mozilla based browsers.

2. [...] I I am right ?

Yes.

So, what's the difference if I would select "Include C++ and .Net" option ? I

When enabled, WSUS Offline installs updates for C++ Redistributable (or rather newer releases) if they are installed, and it installs .NET Framework 4.x on the system even if it's not installed. The updates for .NET Framework are installed regardless of that checkbox; only the ones for the installed .NET Framework versions, of course.

Example: Win7 doesn't come with .NET Framework 4.x preinstalled. When you enable that checkbox, it will install it. When the checkbox is not enabled, it won't. Updates will be installed either way.

And the last question : where WSUS keeps a catalog of what it will be downloading from MS site ( actually, MS Update Catalog) ?

wsusoffline\client\wsus\wsusscn2.cab is the one file that WSUS Offline uses to determine everything, both download and installation.

Regards
Dalai
Dalai
 
Posts: 1041
Joined: 12.07.2016, 21:00

Re: Use WSUS Offline for Adove, IE and .Net Updates

Postby boco » 26.12.2017, 16:18

I selected Win 8.1 x64 ( Server 2012)
Important: Win 8.1 x64 (w63-x64) is for Server 2012 R2. Server 2012 without R2 is based on Win 8.0 x64 (w62-x64) kernel.

In general, the IE security patches are cumulative, the latest one contains all its predecessors. The IE security update will only be offered for the seconly path, all the full Rollups already include it. Flash is the same, every new Flash KB supersedes all previous ones.

DotNet is handled as follows: Each Windows version does have a certain .NET version built-in. This is called "native" .NET. The native .NET version will be updated through WU without having to do anything.
Then, there are the non-native .NET versions. Those are usually versions that appeared after the OS release. Before WU can update them, they have to be installed first (optional packages).
Long story short, the checkbox in WOU's UpdateGenerator is only for the non-native packages.

A word about Windows 10: Windows 10 does not give any choice of seconly, only the full Security+Quality Rollups (and further Quality Rollups) exist and are offered through WU. Please note that WOU only downloads and installs the former (offered on the normal Patchday). The Quality and feature fixes offered one or two weeks later are not covered.
Microsoft update catalog: http://catalog.update.microsoft.com/v7/site/
Windows Install media download: https://support.microsoft.com/en-us/help/15088/windows-create-installation-media
boco
 
Posts: 2398
Joined: 24.11.2009, 17:00
Location: Germany

Re: Use WSUS Offline for Adove, IE and .Net Updates

Postby grinpress » 26.12.2017, 16:57

now everything is clear. Huge thank you
grinpress
 
Posts: 24
Joined: 25.12.2017, 13:52


Return to Installation / Updating

Who is online

Users browsing this forum: No registered users and 242 guests