
X-Ploit Resilience - Microsoft Updates overview

With Thor Foresight you can now apply Microsoft Updates to the Windows computers in your company’s environment.

The X-Ploit Resilience – Microsoft Updates feature lets you manage these patches: select which ones to deploy on the computers under the respective GP, delete or hide them, suppress the reboot of the machines after the installation is complete, and schedule when the computers are restarted.

Microsoft updates can be deployed manually or automatically.

1.1 Manual deployment of an update means that you can manually select the available updates to be deployed.

For this process, you will have to log into the Heimdal Dashboard, go to the left panel, select X-Ploit Resilience, and then click on the Microsoft Updates tab.

In this view, the Microsoft updates are mainly categorized as follows:

  • Installed – shows a list of updates already installed
  • Pending – shows a list of the updates that are in the process of installing
  • Available – shows a list of the updates that are available to be installed
  • Updates per endpoint – the total of updates (installed + pending + available) per endpoint

The total number of updates installed or available to install on your machines is displayed at the top of the page.

To manually deploy an update, go to the Available tab, select one Microsoft Update from the list and click on Install.

Once you click on Install, a pop-up will show with three options:

  • Suppress Reboot – the update will apply without an immediate restart
  • Global Install – the update will apply to all group policies for all endpoints
  • Custom policy global install – the update will apply globally to specific group policies. For this option, you can select in the bar the specific policy or policies to which the update will be applied

After you select the preferred option or options, please click on YES to apply them.

The Microsoft Updates can also be arranged by different criteria like title, KB, severity, devices, servers, CVE, and CVSS by clicking on each tab.

Additionally, if you click on a Microsoft Update, a new page will open with more technical details.

In addition, each Microsoft Update displays the number of devices on which the update can be installed. If you click on the number, you will be redirected to another page that contains the name or names of the devices.

1.2 Automatic deployment means that you allow the Thor Agent to automatically install and deploy the available updates.

For this type of deployment, you will have to select the first one of the Group Policies created, click on the Thor Foresight tab, then Xploit-Resilience, and choose Microsoft Updates.

In this view, you will have to select Enable Microsoft Updates, or you can select just Microsoft Vulnerability reporting only.

The Microsoft Vulnerability reporting only option displays the available updates without applying them to the machines, as also described by the orange pop-up at the top. Once this option is enabled, all the settings below it will be greyed out.

However, the updates will be removed from the list once they have been installed on the computers in the Group Policy.

If you select just Enable Microsoft Updates, you can move forward with the customization of the Settings below.

The Install no restart required updates only option automatically pushes all the patches that do not require a restart after completion.

Suppress and install everything will install all Windows updates, whether or not they require a reboot, without restarting the computer automatically unless the reboot schedule is activated.

If Enable Agent notifications for reboot is activated, the Thor agent will display a message on the end user's computer stating that a restart is necessary to finish the installation.

Server Source allows Heimdal Security to download the updates from the servers you choose. There are two choices available. If Default is selected, the updates will be downloaded from the source configured on the machine. If Windows Updates is selected, any other 3rd party source or WSUS will be bypassed so that the updates are fetched from Microsoft servers.

Enable installation by category helps control which updates you want to install by category.

These updates can also be arranged by different criteria like title, KB, severity, release date, Added ON, and Suppress Reboot by clicking on each tab. Additionally, in the Suppress Reboot category, you can individually select the updates for which the reboot should be suppressed.

Windows Updates Check Interval - this option lets you control how often Heimdal checks for available Windows Updates. The minimum is 720 min. The Forced Reboot Delay lets you control how long the forced reboot can be delayed, up to 60 minutes.

The Enable Delaying Windows Updates option allows postponing the updates for a number of days after their release, selecting from 1 to 31 days. This setting will override the customization of the scheduler. 

For Microsoft Updates, the user controls when they are deployed and can set a schedule with the Enable Microsoft Updates Schedule option.

Enable Microsoft Updates Reboot Schedule allows the selection of a timeframe in which devices will be restarted after an update that requires a reboot has been installed.

Force reboot during time selection will restart the computer no more than once in the selected timeframe even if there were no updates installed requiring a reboot.


After everything has been selected and adjusted, the user must Update Policy for the changes to take effect.


What changes does the Heimdal Thor Agent apply on your machines when Microsoft Updates is enabled?

  • Set delivery optimization (used to enable or disable the Windows Update Delivery Optimization feature):

    "SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings"
      DownloadMode

    "SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config"
      DODownloadMode
      DownloadMode_BackCompat

  • Change scheduler settings (used to prevent Windows from using the scheduler to reboot the PC, so that Heimdal controls the reboot time):

    "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
      SetActiveHours
      ActiveHoursStart
      ActiveHoursEnd

  • Change automatic updates settings (used to deactivate the Windows automatic updates module):

    "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
      AUOptions
      NoAutoUpdate
      ScheduledInstallDay
      ScheduledInstallTime
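
To check these values on an endpoint, the following PowerShell (an added example, not Heimdal's own code) reads each key and value named above and reports whether it is set. It assumes the keys are under HKEY_LOCAL_MACHINE, which the article does not state, and Get-UpdatePolicyState is a hypothetical helper name.

```powershell
# Added example: report the registry values this article says the Thor Agent changes.
# Assumption: the keys are under HKEY_LOCAL_MACHINE (the article does not name the hive).
$Hive = 'HKLM:\'

# Key paths and value names copied from the list above.
$Targets = [ordered]@{
    'SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings' = @('DownloadMode')
    'SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config'   = @('DODownloadMode', 'DownloadMode_BackCompat')
    'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'                       = @('SetActiveHours', 'ActiveHoursStart', 'ActiveHoursEnd')
    'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'                    = @('AUOptions', 'NoAutoUpdate', 'ScheduledInstallDay', 'ScheduledInstallTime')
}

# Get-UpdatePolicyState is a hypothetical helper name, not a Heimdal or Windows cmdlet.
function Get-UpdatePolicyState {
    param([string]$Root, [System.Collections.IDictionary]$Map)
    foreach ($subKey in $Map.Keys) {
        $path   = Join-Path $Root $subKey
        $exists = Test-Path -LiteralPath $path
        $props  = if ($exists) { Get-ItemProperty -LiteralPath $path } else { $null }
        foreach ($name in $Map[$subKey]) {
            # A key can exist without the value, so check the value name explicitly.
            $isSet = $exists -and $props -and ($props.PSObject.Properties.Name -contains $name)
            $state = if (-not $exists) { 'key missing' } elseif ($isSet) { 'set' } else { 'not set' }
            $data  = if ($isSet) { $props.$name } else { $null }
            [pscustomobject]@{ Key = $subKey; Name = $name; State = $state; Data = $data }
        }
    }
}

$report = @(Get-UpdatePolicyState -Root $Hive -Map $Targets)
$report | Format-Table -AutoSize

# NoAutoUpdate = 1 turns off Windows' built-in Automatic Updates, so patching then
# depends on the agent (or another tool) actually installing updates.
if ($report | Where-Object { $_.Name -eq 'NoAutoUpdate' -and $_.Data -eq 1 }) {
    Write-Warning 'Automatic Updates is disabled by policy; confirm a patch agent is installing updates on this machine.'
}
```

Running it before and after enabling Microsoft Updates in a Group Policy shows which of the listed values changed on that endpoint.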

 

Windows Updates with "Vulnerabilities reporting"

A new pop-up is displayed when trying to install Windows Updates for group policies that have “Microsoft Vulnerability reporting only” enabled. Agreeing to continue will disable “Microsoft Vulnerability reporting only” for the selected group policies and install the selected update.

 

Windows updates - CVE correlation KB

The CVE correlation with the KB code was improved using the Microsoft API. The information displayed in the Windows Updates section is up to date, according to the latest information available from Microsoft.
