{"id":15634,"date":"2020-09-09T09:27:47","date_gmt":"2020-09-09T07:27:47","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15634"},"modified":"2020-09-09T09:27:47","modified_gmt":"2020-09-09T07:27:47","slug":"windows-10-nderungen-beim-wsus-update-scan","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/09\/09\/windows-10-nderungen-beim-wsus-update-scan\/","title":{"rendered":"Windows 10: Changes in WSUS update scan"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" title=\"Update\" style=\"border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; float: left; margin: 0px 10px 0px 0px; display: inline; border-top-width: 0px\" border=\"0\" alt=\"Windows Update\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/02\/Update.jpg\" width=\"54\" align=\"left\" height=\"54\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/09\/09\/windows-10-nderungen-beim-wsus-update-scan\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]With the September 2020 cumulative update for Windows 10, Microsoft introduced changes that improve the security of clients that scan Windows Server Update Services (WSUS) for updates. Here is a brief overview on this topic.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg06.met.vgwort.de\/na\/326c655ee36d44f78afc9f17efa300bc\" width=\"1\" height=\"1\">I became aware of the topic through this tweet &#8211; Microsoft has published <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/windows-it-pro-blog\/changes-to-improve-security-for-windows-devices-scanning-wsus\/ba-p\/1645547\" target=\"_blank\" rel=\"noopener noreferrer\">this Techcommunity article<\/a> on this topic.&nbsp; <\/p>\n<p><img decoding=\"async\" title=\"Tweet\" alt=\"Tweet\" src=\"https:\/\/i.imgur.com\/OVtW2ml.jpg\"><\/p>\n<h2>Standardm\u00e4\u00dfig sicher: TLS-Protokoll\/HTTPS Pflicht<\/h2>\n<p>Starting with the September 2020 cumulative update, HTTP-based intranet servers will be secure by default. To ensure that clients remain inherently secure, Microsoft no longer allows HTTP-based intranet servers to use user proxies by default to detect updates. <\/p>\n<p>In a WSUS environment that is not secured with the TLS protocol\/HTTPS, and where a device requires a proxy to successfully connect to intranet WSUS servers &#8211; and this proxy is configured for users (not devices) only &#8211; then all WSUS scans for updates from the September 2020 cumulative update onwards will fail.<\/p>\n<p>Starting with the September 2020 cumulative update, HTTP-based intranet servers will be secure by default. To ensure that clients remain inherently secure, Microsoft no longer allows HTTP-based intranet servers to use user proxies by default to detect updates. <\/p>\n<p>In a WSUS environment that is not secured with the TLS protocol\/HTTPS, and where a device requires a proxy to successfully connect to intranet WSUS servers &#8211; and this proxy is configured for users (not devices) only &#8211; then all WSUS scans for updates from the September 2020 cumulative update onwards will fail.<\/p>\n<p>To ensure the security of the WSUS infrastructure, Microsoft recommends using the TLS\/SSL protocol between the devices and the WSUS servers. The Microsoft Update System (including WSUS) relies on two types of content: Update payloads and update metadata. More informatio will be found in Michael Cureton's post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/windows-it-pro-blog\/security-best-practices-for-windows-server-update-services-wsus\/ba-p\/1587536\" target=\"_blank\" rel=\"noopener noreferrer\">Security Best Practices f\u00fcr Windows Server Update Services (WSUS)<\/a>. The <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/windows-it-pro-blog\/changes-to-improve-security-for-windows-devices-scanning-wsus\/ba-p\/1645547\" target=\"_blank\" rel=\"noopener noreferrer\">Techcommunity article<\/a> contains more details and recommendations how to configure clients for WSUS update scans. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]With the September 2020 cumulative update for Windows 10, Microsoft introduced changes that improve the security of clients that scan Windows Server Update Services (WSUS) for updates. Here is a brief overview on this topic.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22,2],"tags":[1079,195,76,569],"class_list":["post-15634","post","type-post","status-publish","format-standard","hentry","category-security","category-update","category-windows","tag-sicherheit","tag-update","tag-windows-10","tag-wsus"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=15634"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15634\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=15634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=15634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=15634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}