Not quite "SUS on a disk", but…

I’ve been asking Microsoft for some time to release a “SUS on a disk” – an ISO image format, and maybe an updater tool, that would allow an admin to create a DVD-R that they could then drag along to a machine that is either disconnected or poorly connected, or not allowed to connect out to the Internet.  Such a disk would be really useful for those of us called to upgrade machines of our friends and family, too.

Well, today on MS Downloads, I noticed the following:

January 2006 Security and Critical Releases ISO Image

If this isn’t new, I haven’t seen it before – and while it’s not quite SUS on a disk, it’s pretty damn close.

Thanks for listening, Microsoft!

Now, because nothing is ever perfect, some suggestions for MS:

  1. This is only Windows Update, not Microsoft Update.  Particularly, it doesn’t include MS06-003 fixes, because that’s Exchange and Outlook.  A MU-on-a-disk would be great, too.
  2. A baseline disk image of security/critical patches to date would be helpful, too – I appreciate that it would be huge.  Perhaps pick a date, make a baseline image, and provide a means to download mere updates to the image, rather than the whole image afresh, for people who like to have the “most complete” set of patches.
  3. Is there a tool to create our own WSUS-on-a-disk?  I’d love to have that tool, so that I can take a disk with me for systems that don’t get network access even for patches. Or for mailing to my parents.

3 thoughts on “Not quite "SUS on a disk", but…”

  1. Subscribe to Technet. You get all updates released -ever- on DVD, sorted by Security bulletin, and they only lag about a month behind. It’s money well spent considering the boatload of other technical resources and downloads you get shipped to you monthly.

  2. While I’m comfortable waiting up to a month – several months, indeed – for unannounced vulnerabilities to wait unpatched, I’m not sure that I’m thrilled about the prospect of waiting a month to ship out patches to announced, patched vulnerabilities.

    I don’t disagree that TechNet is a valuable resource for most IT professionals, but for patch distribution to low-bandwidth sites, I really need a solution like this.

    [Obviously, zero-bandwidth sites are not so much of an issue – but for low-bandwidth sites, it’s likely that a hacker will reverse-engineer the patch, make an exploit, and email it to the site before the site can finish downloading the patch.]

Leave a Reply

Your email address will not be published. Required fields are marked *