RE: Critical/Security Updates as well as other Patch Management

["Sullivan, Glenn" <GSullivan () DavidClark com>]

Not exactly... my SUS server downloads each new patch to it's own hard
drive.  Then I test the patches with my "beta" group, and assuming all is
well, make them available to the rest of the machines.

My workstations never converse, either directly or through proxy, to the
Windows Update servers.  Only one machine ever does that, the SUS server.

Has your experience been different?

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.


-----Original Message-----
From: Jason Coombs [mailto:jasonc () science org]
Sent: Thursday, March 13, 2003 2:38 PM
To: Jed Needle; security-basics () securityfocus com
Subject: RE: Critical/Security Updates as well as other Patch Management


SUS is nothing more than a filter for windowsupdate.com that tells managed
boxes not to allow windowsupdate.com to install anything other than the
subset of updates approved by the SUS administrator.

Each Windows box still uses Windows update directly, so all vulnerabilities
that impact Windows update and the client-side code that talks to
windowsupdate.com are still present when SUS is used.

Jason Coombs
jasonc () science org

-----Original Message-----
From: Jed Needle [mailto:jed () vitel com]
Sent: Tuesday, March 11, 2003 12:24 PM
To: security-basics () securityfocus com
Subject: RE: Critical/Security Updates as well as other Patch Management


On Microsoft platforms there is a patch management util called SUS
"software update service?? (I think)
Once configured, the server will automatically download relevant
patches, you then point the clients to the sus server and push updates
to clients that way.

Jed