On Thursday (Aug 8) Microsoft announced the forthcoming content for Patch Tuesday – Aug 13, 2013.

 

Number of Releases: 8

Critical Security Updates: 3 addressing vulnerabilities in Windows, Internet Explorer, and Exchange Server 2007/2010/2013.

Important Security Updates: 5 addressing vulnerabilities in Windows.

 

You can have Microsoft's security bulletins sent directly to you:

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

 

Microsoft also hosts a webcast where they discuss the releases, typically the Wednesday after Patch Tuesday:

Microsoft will host a webcast to address customer questions on the security bulletins on Aug 14, 2013, at 11:00 AM Pacific Time (US & Canada).

Register now for the July Security Bulletin Webcast. After this date, the webcast is available on-demand.

 

You can also follow the MSRC team at @MSFTSecResponse.

 

Updates are typically released by Microsoft at 10am PDT (5pm UTC).

Configuring WSUS servers to synchronize relative to that time can be helpful in expediting availability of these security updates.

One of the questions that I continue to encounter from new WSUS Administrators relates to taking approvals for updates deployed to a testing group, and easily duplicating those approvals onto one or more production groups. In this article we’re going to look at how to do that using the WSUS native console.

 

It’s actually a very simple process, but we’re going to do a step-by-step in the article. The process goes like this:

 

  1. Create a Custom Update View to show the updates approved for the test group.
  2. Select the newly created view and customize the view.
  3. Select the updates to be approved for the production group and approve.

 

Step 1: Create a Custom Update View to show the updates approved for the test group.

 

In the WSUS console, select the Updates node in the console.

New Update View 1.png

Right click and select New Update View…

New Update View 2.png

In the section Step 1: Select properties” check the third option in the list “Updates are approved for a specific group”.

 

Add Update View Step 1.png

In the section Step 2: Edit the properties click on the hyperlink for “a specific group” and select your test group from the list of groups. In this example we've selected "Test Computers".(If you have multiple different test groups, you’ll need to create a custom update view for each test group.)

Add Update View Step 2.png

In the section Step 3: Specify a name enter a view name appropriate to the defined content. Here we've named the view "Test Group Approvals".

 

Add Update View Step 3.png

Step 2: Select the newly created view and customize the view.

 

After selecting the view, you’ll likely want to modify the view a bit to make it more efficient for this use.

  1. On the filters, set Approval=”Approved” and Status=”Any”.
  2. Right click on the column header and add the Release Date and Arrival Date columns in the view.
  3. Click on the Release Date column header to sort the view with newest release date on top.

 

Test Group Approvals View.png

The Approval column can provide a key indicator as to the updates you’re interested in selecting. Aside from focusing on the updates with a release date consistent with your patch collection, the Approval column can be used to provide hints to the updates approved only for the test group. In the Approval column it’s likely the case that the entry looks like “Install (1/#)” where the value ‘1’ represents the test group as the only current approval target, and the value ‘#’ represents the total number of target groups configured on your WSUS server. We can see that this server has ten target groups defined (including "All Computers" and "Unassigned Computers").

 

Step 3: Select updates to be approved for the production group and approve.

 

Using the Release Date column and/or the Approval column, identify the updates to be approved for the production group(s). Select the updates using Shift-Click or Ctrl-Click. Right click and select "Approve" from the context menu.

 

Here I’ve selected three updates approved for the Test Group and will approve them for the Win2008R2 group.

Add Approvals.png

 

Update Views are Per-User

 

Make special note that these custom update views in the WSUS Admin Console are created on a per-user basis, so if multiple administrators need this view, it will need to be created on each console.

 

SolarWinds Patch Manager

 

You can also create this update view in SolarWinds Patch Manager, but Patch Manager provides an even better (and easier) way to do this, and I talk about that in this Geek Speak article.

 

Part 1: Package Creation Fundamentals, August 7, 2013, 11am CT

Lawrence Garvin, SolarWinds Head Geek and WSUS MVP, will provide an overview of the detection logic used by the Windows Update Agent and how that determines the update states reported to WSUS (Installed, Not Installed, Not Applicable), the three rule sets (Prerequisite, Applicability, and Installed) thate comprise the detection logic and how they are used in the detection process, focusing on the six detection logic rules that are used in 99% of package creation activities. 

 


Part 2: Creating Packages with Patch Manager, September 4, 2013, 11am CT

Lawrence Garvin, SolarWinds Head Geek and WSUS MVP, will discuss how to create basic and advanced packages with the Package Wizard feature of Patch Manager.  He will also discuss how to use the PackagBoot™ function to create complex before and after deployment scenarios.  Bring your questions and we’ll answer them!

 

 

Register here. Can't make it? Register anyway and we'll send you a link to the recorded webcast.

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.