The Microsoft Security Response Center (MSRC) : Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates:

So here’s the thing…

That came down on June 11 and apparently has caused some issues with WSUS servers offering up patches.  But I don’t see issues with my server?  Do you see any issues with yours?  Is it only if you approved it the first time?  Is it only when you have Office 2003 clients?

Bottom line: keep an eye out for this, but I’m not seeing this in my networks…


One Response to Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates

  1. Evan says:

    We’ve seen it now with two (2) WSUS servers at different Customer sites. I haven’t seen it at a site where we have replica servers running to see if performing the “corrective action” on the parent correctly replicates to the children.

    In one case, we still had clients running Office 2003, but the Office 2003 SP1 update had long-since been declined. In the other case, we had no clients running Office 2003, but still had the Office 2003 updates in the database on the WSUS server, declined.

    I don’t know enough about the cause of the issue (and don’t have the spare mental bandwidth to reverse engineer it) to know how to check for it server-side. I know that the IIS logs don’t show the “500 Server Error” messages that get reported by the client. Obviously, if one knew what to look for in the WSUS database one could tell if a server was affected or not.

    Gee– it’s too bad that WSUS is a black box that fell from the sky and not a piece of software that could have been documented. It’s also too bad that there’s nobody out there who could write a software tool to automatically detect and correct the invalid data that causes this issue in the first place.

    My full scathing opinion of this, and other, bouts of carelessness in Microsoft’s WSUS system at: