Changes to improve security for Windows devices scanning WSUS：Changes to improve security for Windows devices scanning WSUS - Microsoft Tech Community - 1645547

First, beginning with the September 2020 cumulative update, HTTP-based intranet servers will be secure by default. To ensure that your devices remain inherently secure, we are no longer allowing HTTP-based intranet servers to leverage user proxy by default to detect updates. If you have a WSUS environment not secured with TLS protocol/HTTPS and a device requires a proxy in order to successfully connect to intranet WSUS Servers—and that proxy is only configured for users (not devices)—then your software update scans against WSUS will start to fail after your device successfully takes the September 2020 cumulative update.

Changes to improve security for Windows devices scanning WSUS - Microsoft Tech Community - 1645547

Options to ensure that devices in your environment can continue to successfully scan for updates:

• Secure your WSUS environment with TLS/SSL protocol (configure servers with HTTPS).
• Set up system-based proxy for detecting updates if needed.
• Enable the “Allow user proxy to be used as a fallback if detection using system proxy fails” policy.

関連URL

• Changes to improve security for Windows devices scanning WSUS - Microsoft Tech Community - 1645547
• WSUS Attacks Part 2: CVE-2020-1013 a Windows 10 Local Privilege Escalation 1-Day | GoSecure
• GitHub - ctxis/wsuspect-proxy: WSUSpect Proxy - a tool for MITM'ing insecure WSUS connections

今からはじめるインシデントレスポンス――事例で学ぶ組織を守るCSIRTの作り方

• 作者:杉浦 芳樹,萩原 健太,北條 孝佳,中西 晶
• 発売日: 2020/04/17
• メディア: 単行本（ソフトカバー）