Not quite "SUS on a disk", but…

I’ve been asking Microsoft for some time to release a “SUS on a disk” – an ISO image format, and maybe an updater tool, that would allow an admin to create a DVD-R that they could then drag along to a machine that is either disconnected or poorly connected, or not allowed to connect out to the Internet.  Such a disk would be really useful for those of us called to upgrade machines of our friends and family, too.


Well, today on MS Downloads, I noticed the following:


January 2006 Security and Critical Releases ISO Image


If this isn’t new, I haven’t seen it before – and while it’s not quite SUS on a disk, it’s pretty damn close.


Thanks for listening, Microsoft!


Now, because nothing is ever perfect, some suggestions for MS:


  1. This is only Windows Update, not Microsoft Update.  Particularly, it doesn’t include MS06-003 fixes, because that’s Exchange and Outlook.  A MU-on-a-disk would be great, too.
  2. A baseline disk image of security/critical patches to date would be helpful, too – I appreciate that it would be huge.  Perhaps pick a date, make a baseline image, and provide a means to download mere updates to the image, rather than the whole image afresh, for people who like to have the “most complete” set of patches.
  3. Is there a tool to create our own WSUS-on-a-disk?  I’d love to have that tool, so that I can take a disk with me for systems that don’t get network access even for patches. Or for mailing to my parents.

3 Responses to Not quite "SUS on a disk", but…

  • Brad C. says:

    Subscribe to Technet. You get all updates released -ever- on DVD, sorted by Security bulletin, and they only lag about a month behind. It’s money well spent considering the boatload of other technical resources and downloads you get shipped to you monthly.

  • Alun Jones says:

    While I’m comfortable waiting up to a month – several months, indeed – for unannounced vulnerabilities to wait unpatched, I’m not sure that I’m thrilled about the prospect of waiting a month to ship out patches to announced, patched vulnerabilities.

    I don’t disagree that TechNet is a valuable resource for most IT professionals, but for patch distribution to low-bandwidth sites, I really need a solution like this.

    [Obviously, zero-bandwidth sites are not so much of an issue - but for low-bandwidth sites, it's likely that a hacker will reverse-engineer the patch, make an exploit, and email it to the site before the site can finish downloading the patch.]

  • Adnan Rafik says:

    I’ve been looking for the same kind of solution. Putting a machine on the network 24/7 is also a threat if the business operation in not an online business.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>