- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Case Study:Use Caution When Deploying Microsoft's Software Update
- Abstract
- Microsoft has quietly developed the Software Update Service (SUS) for distributing critical software updates and patches. Once installed, and properly configured, an internal SUS website will respond to internal hosts requesting the latest operating system patch or security roll-up, just like the Windows Update website. The purpose of this case study is to document the process used to evaluate the security risks associated with SUS before implementing it on a real world network. Risks such as hardening IIS, protecting the Internet connection required when downloading updates from the Internet, and server placement within the network were considered. Ultimately, I hope to demonstrate how I used Microsoft's Software Update Services as a solution for delivering the latest operating system updates and patches to internal clients on a small network. (WARNING: A recently discovered vulnerability may make this product extremely unsafe if configured incorrectly. Suggested configuration changes are noted in this paper)