WSUS with Win7 and Win10...

And all the risk P2P ensues.

There's one major potential risk that may be an issue, which is that pushing these updates via P2P will presumably provide any receivers with your public-facing IP address. I haven't looked into it yet but I'm tempted to set up a research project for it and see how easy it is to find easily-compromised hosts by automatically scanning any addresses from which you receive updates. I need to look into it though, as I'd be surprised that Microsoft would set up such a service if it were that easy.

The other potential risk is updates being poisoned, which is spectacularly unlikely to be an issue since the list of updates always comes directly from Microsoft and all updates are signed.
 
Depends on how bored I am, and how much time my girlfriend wants to take up the PC playing Sims 4 :p

Nooooo! Not Sims 4, my wife was hooked on that.. I had to get her her own laptop.. such a crap game..

Good luck! I'd uninstall it, or put a GPO hash block on it :cool:
 
Nooooo! Not Sims 4, my wife was hooked on that.. I had to get her her own laptop.. such a crap game..
She started work today so she'll have a lot less time to sink into it; my guess is that she'll lose interest as it's the sort of game (IMO) that's only fun if you have a lot of time to invest in it.
 
Hey Yami if you do this experiment, check which ports are opened by the update source program on the system. If a ping finds a port standing open it could possibly be exploited.
 
You guys should see the massive list of DNS requests Windows sends out during startup...

dns.msftncsi.com
ipv6.msftncsi.com
win10.ipv6.microsoft.com
ipv6.msftncsi.com.edgesuite.net
a978.i6g1.akamai.net
win10.ipv6.microsoft.com.nsatc.net
en-us.appex-rf.msn.com
v10.vortex-win.data.microsoft.com
client.wns.windows.com
wildcard.appex-rf.msn.com.edgesuite.net
v10.vortex-win.data.metron.life.com.nsatc.net
wns.notify.windows.com.akadns.net
americas2.notify.windows.com.akadns.net
travel.tile.appex.bing.com
any.edge.bing.com
fe3.delivery.mp.microsoft.com
fe3.delivery.dsp.mp.microsoft.com.nsatc.net
ssw.live.com
ssw.live.com.nsatc.net
login.live.com
login.live.com.nsatc.net
directory.services.live.com
directory.services.live.com.akadns.net
bl3302.storage.live.com
skyapi.live.net
bl3302geo.storage.dkyprod.akadns.net
skyapi.skyprod.akadns.net
skydrive.wns.windows.com
register.mesh.com
BN1WNS2011508.wns.windows.com
settings-win.data.microsoft.com
settings.data.glbdns2.microsoft.com
OneSettings-bn2.metron.live.com.nsatc.net
watson.telemetry.microsoft.com
watson.telemetry.microsoft.com.nsatc.net

Those are all seen on a clean install at first run with nothing going on, and a lot of them, from my understanding, are also hardcoded into the system in the event DNS lookup fails.

Back to the original topic, I now know those updates are potentially updates related to M$ putting the same spying junk that's in Win10 onto Win7 machines. WSUS has been working fine with Win10 recently aside from it reporting the Win10 machines as Vista... Still...
 
On a network let's say for the sake of discussion, that there is a hardware firewall appliance. Could you not apply rules to block the requests and any outbound traffic if it can't?
In other words let it submit the request then shut the door on the outbound traffic afterwards.

That also could explain why when I reboot my machine it says > configuring windows. do not turn off your computer.
I have updates disabled in settings. So where's it coming from? I have noticed my machine has slowed down some recently.
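One way to turn the DNS list posted earlier in the thread into a reviewable egress policy, as an added example that is not part of any post here: it takes constructed resolver log lines, matches each queried name against domain suffixes copied from that list, and returns a per-name verdict that a firewall rule set could be generated from. The split of names into "telemetry" (block) and "needed for updates/sign-in" (allow) is an assumption made for illustration, not a categorization from the thread or from Microsoft; the log format is constructed.

```python
"""Egress-policy check for Windows startup DNS names (added example).

Assumptions, not facts from the thread:
  - which suffixes count as telemetry vs. update/sign-in traffic
  - the resolver log line format "<timestamp> <client_ip> query <qname> <qtype>"
"""
from collections import Counter

# Suffixes from the thread's list that are assumed to be telemetry endpoints.
TELEMETRY_SUFFIXES = (
    "vortex-win.data.microsoft.com",
    "settings-win.data.microsoft.com",
    "watson.telemetry.microsoft.com",
    "metron.live.com.nsatc.net",
)

# Suffixes from the list that are assumed to be needed for updates or sign-in;
# blocking these would break Windows Update / WSUS clients or Live sign-in.
ALLOW_SUFFIXES = (
    "delivery.mp.microsoft.com",
    "delivery.dsp.mp.microsoft.com.nsatc.net",
    "login.live.com",
    "msftncsi.com",
)


def suffix_match(name, suffixes):
    """True if name equals a suffix or is a subdomain of it.

    Uses a label boundary ('.' + suffix) so that e.g. "evilvortex-win.data..."
    is not treated as a match. Trailing dots and case are normalised.
    """
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)


def classify(name):
    """Return 'allow', 'block' or 'unlisted' for one queried name.

    Allow wins over block so a shared parent suffix never blocks update traffic.
    """
    if suffix_match(name, ALLOW_SUFFIXES):
        return "allow"
    if suffix_match(name, TELEMETRY_SUFFIXES):
        return "block"
    return "unlisted"


def parse_query_log(lines):
    """Yield (client_ip, qname) from constructed resolver log lines."""
    for line in lines:
        parts = line.split()
        # Expected shape: ts client_ip "query" qname qtype
        if len(parts) >= 5 and parts[2] == "query":
            yield parts[1], parts[3]


def build_verdicts(lines):
    """Map each distinct queried name to its verdict, plus a per-verdict count."""
    verdicts = {}
    counts = Counter()
    for _client, qname in parse_query_log(lines):
        key = qname.rstrip(".").lower()
        if key not in verdicts:
            verdicts[key] = classify(key)
            counts[verdicts[key]] += 1
    return verdicts, counts


# Constructed sample log: names taken from the thread's list, one trailing-dot
# name and one malformed line to show the parser skipping it.
SAMPLE_LOG = [
    "2015-08-01T08:00:01 10.0.0.12 query dns.msftncsi.com A",
    "2015-08-01T08:00:02 10.0.0.12 query v10.vortex-win.data.microsoft.com A",
    "2015-08-01T08:00:02 10.0.0.12 query watson.telemetry.microsoft.com. A",
    "2015-08-01T08:00:03 10.0.0.12 query fe3.delivery.mp.microsoft.com A",
    "2015-08-01T08:00:03 10.0.0.12 query any.edge.bing.com A",
    "garbage line that is not a query",
]

if __name__ == "__main__":
    verdicts, counts = build_verdicts(SAMPLE_LOG)
    for name, verdict in sorted(verdicts.items()):
        print(f"{verdict:8s} {name}")
    print(dict(counts))
```

Two caveats that follow from the thread itself: the list contains CNAME tails such as the `.nsatc.net` and `.akadns.net` names, and a name-based rule for `watson.telemetry.microsoft.com` does not cover `watson.telemetry.microsoft.com.nsatc.net`, so each tail needs its own entry (the allow list above includes one for that reason); and since some endpoints are reportedly hardcoded as IPs for when DNS fails, DNS-based filtering alone will not catch that traffic, so the firewall rule set also needs IP-level egress rules.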
 