This article describes about Introduction to Windows Updates and overview about regular Windows Patching which is essential for windows operating system and Application vulnerabilities. The Windows Patch Manager process can be enabled via Windows updates.
Updates and patches usually include security patches that protect Windows from malware. Using Microsoft Update, users can receive updates from Windows Update as well as third-party driver updates; however, when the user is online, Microsoft Update searches for updates on Windows Update’s website.
Overview about Windows Updates:
- It is a free service used to provide patching for window machines and other Microsoft software products.
- Window Patching Protect Your System from Malicious Software fix General Windows Issues and Bugs.
- Microsoft usually releases windows updates on the second Tuesday of every month, known as “Patch Tuesday“.
Common Vulnerabilities and Exposures numbers are provided by Microsoft Security Response Center (MSRC). By using Common Vulnerability Scoring System (CVSS) score will identify severity of update.
- We can perform windows update using different release channels like Windows Server Update Services (WSUS), Microsoft Update Catalog, Windows Update and Microsoft Update (via the Internet).
- WSUS is a centralized tool use to provide updates to Windows machines for client machines.
By default, WSUS server will use port 8530 for HTTP & 8531 for HTTPS.
Windows Server Update Services (WSUS)
You can see below picture all client machines (Windows Server 10, Windows Server 2016, Windows Server 2019, Windows Server 2022 and Windows 11 machines) are connected to WSUS server, and WSUS server is connected to Internet (help of proxy) and download the updates from Microsoft Windows Update site. As soon as Updates are downloaded into WSUS server, we can approve those updates on WSUS server, and it will reach to all connected client machines.
Windows updates configuration Process in Client Machines
- Configuration of Group Policy Objects (GPO) in Active Directory environment.
- In a work group environment using the Local Group Policy object (or) directly editing the registry using the registry editor (regedit.exe).
Windows Updates working functionality
- Background Intelligent Transfer Service (BITS) will be used to download updates.
- The wuauserv service allows windows to detect, download, and install updates.
Windows updates depends on products and classifications. Below mentioned are a few classifications that are crucial for regular Windows updates.
List of Products available in Windows Server Update Services (WSUS) Server
- Critical Updates: Specifies a widely released fix for a specific problem that addresses a critical, non-security issue. Example: update for Microsoft office 2016.
- Security Updates: Describes a widely released fix for a security vulnerability specific to a product. Example: security monthly quality rollup for windows server.
- Upgrades: Helps to perform version upgrades and operating system upgrades.
Procedure to check windows updates settings:
WSUS environment options can be found in the following subkey.
Verify check Windows Update Server IPaddress along with port number.
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Verify check Windows Update Client Machine Automatic Update settings.
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Verify check Windows Update Client Machine SusClientId
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
For detail settings you can view Microsoft official document
Summary:
The Windows Update program prevents new (or) potentially widespread exploits and provides software patches, service packs, and driver updates. Introduction to Windows Updates has been explained in detail.
Thanks for your time, leave a comment if you have any queries about Introduction to Windows Updates.
In previous article discussed about a generic error in WSUS server reset node issues.
