Not quite "SUS on a disk", but...

I've been asking Microsoft for some time to release a "SUS on a disk" - an ISO image format, and maybe an updater tool, that would allow an admin to create a DVD-R that they could then drag along to a machine that is either disconnected or poorly connected, or not allowed to connect out to the Internet.  Such a disk would be really useful for those of us called to upgrade machines of our friends and family, too.

Well, today on MS Downloads, I noticed the following:

"January 2006 Security and Critical Releases ISO Image"

If this isn't new, I haven't seen it before - and while it's not quite SUS on a disk, it's pretty damn close.

Thanks for listening, Microsoft!

Now, because nothing is ever perfect, some suggestions for MS:

  1. This is only Windows Update, not Microsoft Update.  Particularly, it doesn't include MS06-003 fixes, because that's Exchange and Outlook.  A MU-on-a-disk would be great, too.
  2. A baseline disk image of security/critical patches to date would be helpful, too - I appreciate that it would be huge.  Perhaps pick a date, make a baseline image, and provide a means to download mere updates to the image, rather than the whole image afresh, for people who like to have the "most complete" set of patches.
  3. Is there a tool to create our own WSUS-on-a-disk?  I'd love to have that tool, so that I can take a disk with me for systems that don't get network access even for patches. Or for mailing to my parents.
Published Tue, Jan 10 2006 11:40 by Alun Jones
Filed under:

Comments

# re: Not quite "SUS on a disk", but...

Subscribe to Technet. You get all updates released -ever- on DVD, sorted by Security bulletin, and they only lag about a month behind. It's money well spent considering the boatload of other technical resources and downloads you get shipped to you monthly.

Wednesday, January 11, 2006 3:22 AM by Brad C.

# re: Not quite "SUS on a disk", but...

While I'm comfortable waiting up to a month - several months, indeed - for unannounced vulnerabilities to wait unpatched, I'm not sure that I'm thrilled about the prospect of waiting a month to ship out patches to announced, patched vulnerabilities.

I don't disagree that TechNet is a valuable resource for most IT professionals, but for patch distribution to low-bandwidth sites, I really need a solution like this.

[Obviously, zero-bandwidth sites are not so much of an issue - but for low-bandwidth sites, it's likely that a hacker will reverse-engineer the patch, make an exploit, and email it to the site before the site can finish downloading the patch.]

Wednesday, January 11, 2006 11:02 AM by Alun Jones

# re: Not quite "SUS on a disk", but...

I've been looking for the same kind of solution. Putting a machine on the network 24/7 is also a threat if the business operation in not an online business.

Wednesday, January 11, 2006 11:13 AM by Adnan Rafik

Leave a Comment

(required) 
(required) 
(optional)
(required) 
If you can't read this number refresh your screen
Enter the numbers above: