As we mentioned previously, Microsoft is releasing an update to further harden the Windows Server Update Services (WSUS) as a defense-in-depth precaution for our customers. This update is now available for download. As an additional measure, we are providing the SHA1 and SHA2 hashes of the WSUS update and the WU client files we released today. This allows administrators to verify that the files they download are from Microsoft. The hashes are listed in the update KB article. System Center 2012 Configuration Manager and System Center Configuration Manager 2007 are also impacted by this update’s further hardening, as software updates management is based on WSUS and is built-in. We strongly urge WSUS administrators to apply these updates as soon as possible to take advantage of the added security they offer. If you’d like to read more, please review the MSRC blog for more information.
Please follow the following steps to ensure a smooth deployment:
- Apply Security Advisory Update 2718704, issued on June 3, which moved unauthorized digital certificates derived from a Microsoft Certificate Authority to the Untrusted Store.
- Apply the WSUS update, issued on June 8th, see KB KB2720211.