Windows Server Update Services Users Getting Proxy-Use Change This Month
Microsoft on Tuesday notified Windows Server Update Services (WSUS) users that it’s no longer going to automatically support “user proxies” to get patches from Microsoft’s content delivery networks (CDNs), starting with this month’s cumulative update release.
Instead, Microsoft wants WSUS users to use “system proxies” to get patches. If an organization wants to have a user proxy as a fallback method, too, then they’ll have to configure it themselves, starting this month.
This nuance builds on Microsoft’s announcement back in September mandating the use of HTTPS for WSUS users tapping CDNs. At that time, Microsoft also explained that client proxies can be subject to man-in-the-middle tampering, so Microsoft doesn’t recommend using them.
With the January cumulative updates for Windows 10, released this week, Microsoft is now changing this proxy behavior for WSUS users.
Here’s how the announcement described the change:
Old behavior:
- Scan with user proxy.
- If user proxy fails, attempt scan with system proxy.
New behavior as of the January 2021 cumulative update:
- Scan with system proxy.
- If system proxy fails, attempt scan with user proxy.
To avoid scanning failures, Microsoft is advising WSUS users to not enable user proxies. However, if that’s not possible, then an option called, “Select the proxy behavior for Windows Update client for detecting updates,” should get specified by IT pros.
The user proxy setting can be specified using Group Policy, Configuration Service Provider policy or via Microsoft Endpoint Configuration Manager, as described in the announcement.
Microsoft also recommended that WSUS users who connect to the CDN using TLS/HTTPS use certificate pinning “to get the highest level of security.” However, the details weren’t described.
With certificate pinning, certain certificates are specified beforehand as being valid for a particular Web site. However, things can go wrong with this approach. PKI solutions provider DigiCert flatly advised against using certificate pinning in this blog post, for instance.
About the Author
Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.
Source of this news: https://redmondmag.com/articles/2021/01/13/wsus-proxy-use-change.aspx
Related posts:
Dallas Invents is a weekly look at U.S. patents granted with a connection to the Dallas-Fort Worth-Arlington metro area. Listings include patents granted to local assignees and/or those with a N...
These days, it is fairly common for mature companies to implement Intrusion detection system (IDS), intrusion prevention systems (IPS), and security information and event management (SIEM) when they ...
Image: Daniel Romero via Unsplash My iPhone offers pretty good connectivity, but tends to be hamstrung by the limits imposed by my cellular carrier. Even though I have an unlimited data plan, using ...
The founder of neo-Nazi rag the Daily Stormer had some advice for the people who ran Parler, after the app was purged from the internet last week: Ask China or Russia for help. Parler, which had bec...
Device LinksMost K-12 schools and colleges put limits on what students can access via Wi-Fi. In most cases, the reasoning behind this decision is sound: minors shouldn’t have access to possibly inapp...
From the basic building blocks of the internet to cryptocurrency mining on a supercomputer, SOCKS sits at the core of computing. A SOCKS proxy can be used to improve network security in an enterprise...
There are many different various manufacturing software available for smaller businesses. The type of software you choose through the specific needs of your community. Some common features ...
By having OSS-Fuzz for continuous fuzzing of open-source projects and after that along with working on the various sanitizers for compilers, Google has been doing a lot for proactively unveiling s...
A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japa...
A proxy server provides a gateway between users and the internet and therefore offers a range of advantages - both for access and for security. We examine the question, "Why Would You WANT A Proxy?" ...
Yet again this week we have seen headlines pitching Apple against Facebook, as the iPhone maker’s crackdown on user tracking threatens mobile ad revenues. But while Facebook is clearly in Apple’s sig...
A fabulous developer and security examiner has discovered that the official Apple Watch Post office app fails to use the company’s own Mail Privacy Insurance policy feature. The feature was ...
Proxy servers are beneficial because they act as mediators between your computer and the internet. They make online requests for you, and then they return the requested information. If you want to cr...
Over the last four years, additional than 1, 500 business days, Cisco ’s strategic collaboration has helped Expo 2020 Dubai establish a secure, intelligent foundation for connectivity. The...
While you may not always get the fastest connection speeds out of Windscribe, it’s easy to unblock Netflix with this versatile free VPN app. Free VPNs have acquired a somewhat negative reputation fo...
No fewer than 1, 220 Man-in-the-Middle (MitM) phishing websites have been came across as targeting popular around the services like Instagram, That is definitely, PayPal, Apple, Twitter, and th...
Privacy is a growing concern in the tech industry, but Apple has fallen behind many of its peers when it comes to email security. Fortunately, iOS 15 changes that. Your email address is the key to a...
New ZE Loader Targets Online Banking Users <!-- --> IBM Trusteer closely follows developments in th...
