WSUS is a great tool for administering and deploying Windows updates and patches to your clients and servers, but recent problems are causing my own faith in it to wear a little thin.
A while ago a a new package from Microsoft, the WDS 3.1 update, was mis-tagged by the WSUS team and thus auto-applied to a lot of WSUS users. This has caused lots of problems ranging from network congestion issues to the amount of time needed to remove the WDS package again on clients and servers. I still wonder why WDS is tagged as software for Windows Server 2003 though, as this is clearly a desktop product.
The newest problem is this, as posted in the WSUS blog
The cause of this issue is that, on Sunday evening, Microsoft renamed a product category entry for Forefront to clarify the scope of updates that will be included in the future. Unfortunately the category name that was used included the word Nitrogen in double quotes (appearing as “Nitrogen”). A double quote is a restricted character within WSUS, which created an error condition on the administration console. This issue occurred on many WSUS servers that synchronized with Microsoft servers between 5pm Sunday and 11am Monday Pacific Time.
This problem isn't as bad as the WDS affair, but it still illustrates that bad moves made by Microsoft and the WSUS team can adversely affect your production environment. In itself this isn't a huge issue, and it "autofixes" itself when your WSUS server downloads new updates according to your set schedule. But it seems amazing that a "stay" double-quote can pretty much disable the management console. Input validation guys, please. Also, how on earth did this slip through internal testing?
Again, Microsoft does a good job informing it's users through the WSUS blog and they are very open in explaining what has happened. If you do use WSUS in your environment, be sure to add the WSUS Blog to your feed reader now. You will get informed there if any problems arise.
WSUS as a product is of such a nature that it requires you to trust it, and to trust that the maintainers behind the Microsoft infrastructure that powers it. We've now had two issues in the last month, both of them should never have happened and with good testing/quality control regimes in place at Microsoft should never have been pushed out to it's corporate users. Both of these should have been avoided and caught long before customers where affected.
It's clear that Microsoft can not continue to make mistakes like this. They are directly responsible for this, and needs be sure that their customers trust the management solution.
Others are echoing my worries about the future of WSUS, especially Eriq Oliver Neale who has the same problems with trust and WSUS:
Wait, did I just say that running WSUS increases the risk vector for my clients? I thought the entire purpose of WSUS was to help reduce the risk vector for my clients. Ironic.
0 Comments so far