Please convert to plain text (.txt) before cut/paste If the update has been tampered with, it is not installed.” When an update is downloaded, WSUS checks the digital signature and hash. In addition to signing each update, a hash is computed and sent with the metadata for each update. Microsoft mitigates the risk of sending update files over an unencrypted channel by signing each update. This is also the way Microsoft Update distributes updates.Īs discussed earlier in this guide, updates consist of two parts: metadata that describes what an update is useful for, and the files to install the update on a computer. Note that WSUS only uses SSL for metadata. “WSUS also uses SSL to encrypt metadata passed between clients and downstream WSUS servers. WSUS also requires both HTTP and HTTPS ports, this is well documented: What additional benefit would using HTTPS offer? Absolutely nothing, it would just waste CPU performance. Since all Microsoft updates are signed, they are tamper-proof and thus secure regardless of whether the transport is secure. Agreed, and also with the click bait comment above.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |