Hi Girish,
Thank you for posting here.
I found an explanation in this article "Secure WSUS 3.0 Deployment".
- Updates consist of two parts: the metadata that describes the update, and the files to install the update on a computer. Microsoft mitigates the risk of sending update files over an unencrypted channel by signing each update. In addition to signing each update, a hash is computed and sent with the metadata for each update. When an update is downloaded, WSUS checks the digital signature and hash. If the update has been altered, it is not installed.
For reference, the following thread also discusses this issue, and Lawrence also did some analysis: "Does WSUS verify patch authenticity?"
Hope the above can help you.
Regards,
Yic
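An added example, not part of the reply above and not WSUS's own code: a PowerShell function that applies the two checks the quoted article describes (digital signature and the hash carried in the metadata) to a single downloaded update file. The function name, its parameters and the expected publisher string are assumptions made for illustration.

```powershell
# Added example: manual check of one update file, mirroring the two checks
# described in the quoted article. This is not how WSUS is implemented internally.
function Test-UpdateFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Hash value published in the update's metadata, as a hex string.
        [Parameter(Mandatory)] [string] $ExpectedHash,
        [ValidateSet('SHA1', 'SHA256')] [string] $Algorithm = 'SHA256',
        # Assumption: publisher string expected in the signer certificate subject.
        [string] $ExpectedPublisher = 'O=Microsoft Corporation'
    )

    $problems = @()

    # Check 1: the file's hash must equal the one from the metadata.
    # String comparison with -ne is case-insensitive, so hex case does not matter.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash
    if ($actual -ne ($ExpectedHash -replace '\s', '')) {
        $problems += "Hash mismatch: expected $ExpectedHash, got $actual"
    }

    # Check 2: the Authenticode signature must validate against a trusted chain,
    # and the signer must be the expected publisher.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }
    elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
        $problems += "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    # Both checks must pass; either failure means the file should not be installed.
    [pscustomobject]@{
        Path            = $Path
        Hash            = $actual
        SignatureStatus = $sig.Status
        Trusted         = ($problems.Count -eq 0)
        Problems        = $problems
    }
}

# Usage (placeholder path and hash, to be replaced with real values):
# $r = Test-UpdateFile -Path 'C:\Temp\update.cab' -ExpectedHash '<hash from update metadata>'
# if (-not $r.Trusted) { $r.Problems }
```

A file that was modified in transit fails the hash comparison, and a file that was re-signed or never signed fails the signature check even if an attacker also supplied a matching hash.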