locked
WSUS 3.0 pushing Silverlight install? RRS feed

  • Question

  • I have windows 2k8R2 servers that have MS Silverlight 5.1 installed. On my 2k8R2 WSUS server I have declined all Silverlight updates except for the ones labeled "Security". However I have servers that are installing Silverlight anyway. I cannot tell which KB it is that is installing it as when I look at the recently installed updates on my servers it only shows "Silverlight 5.1".

    Is it possible for WSUS to install/push software life that? I do not have SCCM, so I don't believe I should have that capability.

    Thank you.

    Tuesday, November 1, 2016 4:43 PM

Answers

  • Hi Brabbit,

    1. If we use WSUS server to deploy updates for clients, then only approved updates can be downloaded and installed by clients;

    2. WSUS server won't push any update to clients, it is the client behavior to detect, download and install updates from WSUS server;

    3. I search related update for "Silverlight 5.1" in WSUS server, while don't find related updates. You may also search the title of the update in WSUS server, check if there is a related update in WSUS server, and you approved the update. You may also check windowsupdate.log.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, November 2, 2016 7:27 AM
  • .....However I have servers that are installing Silverlight anyway. I cannot tell which KB it is that is installing it as when I look at the recently installed updates on my servers it only shows "Silverlight 5.1".

    Silverlight is published to WSUS as both "Security Update" and also "Feature Pack" classifications. Do you synchronize/deploy "Feature Pack" items?

    The most recent Silverlight released as KB3193713, in October2016..

    http://www.catalog.update.microsoft.com/Search.aspx?q=silverlight%203193713


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Wednesday, November 2, 2016 8:31 AM
  • Hi Brabbit,

    >I performed the search you mentioned. The only updates that were approved are classified as "Security Update for Microsoft Silverlight".

    As DonPick has mentioned in the above reply, it may be the cause that approved the update.

    If you don't use Silverlight, then, you may decline updates related with it.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Brabbit907 Wednesday, November 30, 2016 3:16 PM
    Friday, November 11, 2016 9:38 AM

All replies

  • Hi Brabbit,

    1. If we use WSUS server to deploy updates for clients, then only approved updates can be downloaded and installed by clients;

    2. WSUS server won't push any update to clients, it is the client behavior to detect, download and install updates from WSUS server;

    3. I search related update for "Silverlight 5.1" in WSUS server, while don't find related updates. You may also search the title of the update in WSUS server, check if there is a related update in WSUS server, and you approved the update. You may also check windowsupdate.log.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, November 2, 2016 7:27 AM
  • .....However I have servers that are installing Silverlight anyway. I cannot tell which KB it is that is installing it as when I look at the recently installed updates on my servers it only shows "Silverlight 5.1".

    Silverlight is published to WSUS as both "Security Update" and also "Feature Pack" classifications. Do you synchronize/deploy "Feature Pack" items?

    The most recent Silverlight released as KB3193713, in October2016..

    http://www.catalog.update.microsoft.com/Search.aspx?q=silverlight%203193713


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Wednesday, November 2, 2016 8:31 AM
  • Anne,

    I performed the search you mentioned. The only updates that were approved are classified as "Security Update for Microsoft Silverlight". The newest one in the last month is KB3193713. It seems prior to this update we did not have this issue. We have begun to uninstall Silverlight from our servers. But I'd like to prevent future issues. The other thing that concerns me is we have patches that are not "Security" and were denied but have managed to get installed on some of the servers. What concerns me more is that the numbers don't add up. Of the 10-20 that have unapproved patches installed  well around 80% of our servers have Silverlight installed and did not have this installed last month. If blocking Silverlight all together could solve the issue in the future that is fine, but would this leave vulnerabilities with the servers?

    Thank you again.

    Brabbit

    Wednesday, November 2, 2016 1:47 PM
  • Don,

    Synchronize? When I run synchronize it tells me how many new patches there are. We only Synchronize updates/patches for the following labels:

    Security Updates

    Definition Updates

    Critical Updates

    Anything outside of those should not synchronize with our WSUS. We only approve Security, Critical, and Service Packs. Now that I'm seeing this I see there are some other issues I will need to address.

    I'm rather new to WSUS. So apologies if I don't have all the information from the get-go.

    Thank you again.

    Wednesday, November 2, 2016 2:13 PM
  • Hi Brabbit,

    >I performed the search you mentioned. The only updates that were approved are classified as "Security Update for Microsoft Silverlight".

    As DonPick has mentioned in the above reply, it may be the cause that approved the update.

    If you don't use Silverlight, then, you may decline updates related with it.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Brabbit907 Wednesday, November 30, 2016 3:16 PM
    Friday, November 11, 2016 9:38 AM
  • Hi Brabbit,

    Could the above replies be of help? If yes, you may mark useful replies as answer, if not, feel free to feed back.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 16, 2016 2:33 AM
  • Thank you. Everyone has been very helpful with this. I've marked the ones that were most helpful as answers.
    Wednesday, November 30, 2016 3:21 PM