Custom Windows Patching Methodology - Comparative Analysis

Author

Brent Michael Henderson, Georgia Southern UniversityFollow

Term of Award

Fall 2018

Degree Name

Master of Science in Applied Engineering (M.S.A.E.)

Document Type and Release Option

Thesis (open access)

Copyright Statement / License for Reuse

This work is licensed under a Creative Commons Attribution 4.0 License.

Department

Department of Information Technology

Committee Chair

Christopher Kadlec

Committee Member 1

Cheryl Aasheim

Committee Member 2

Adrian Gardiner

Abstract

Windows Server Update Services has been a common mainstay among organizations with a heavy footprint of Windows operating systems since it was originally released as Software Update Services in 2002. While the product has grown in scope, the primary allure remains the same: WSUS offers organizations greater control over the patches that are released to their environment and saves bandwidth by allowing a centralized device to download and offer patches to internal clients rather than having each of those clients download the content they require from the Internet. Unfortunately, the product has a structural limitation in that it lacks the capacity to provide high-availability to the metadata synchronization process that must occur in order to deliver the most up-to-date patches to endpoints. WSUS metadata contains details about the individual updates, EULAs, and supersedence relationships.

Due to design limitations and the growing concern of outages, a solution was developed to supplement and perhaps replace WSUS in certain scenarios. This solution, dubbed the Custom Patching Manager (CPM), is an extension of a concept originally started by Alejandro Gómez Galindo and finds middle-ground between Windows Server Update Services and Windows Update using freely available software. The solution assesses the vulnerabilities of a system or systems, determines whether or not the patches are part of an approved list, determines whether or not the content for missing updates is available locally, acquires that content depending on the previous step, and applies the patches to the endpoint. This proof-of-concept proved functional and reliable but would benefit from some optimizations that have been recommended as future works.

OCLC Number

1085541976

Catalog Permalink

https://galileo-georgiasouthern.primo.exlibrisgroup.com/permalink/01GALI_GASOUTH/1r4bu70/alma9916218283402950

Recommended Citation

Henderson, Brent Michael, "Custom Windows Patching Methodology - Comparative Analysis" (2018). Electronic Theses and Dissertations. 1849.
https://digitalcommons.georgiasouthern.edu/etd/1849

Research Data and Supplementary Material

No