Blog Post

Windows IT Pro Blog

4 MIN READ

Changes to improve security for Windows devices scanning WSUS

Microsoft

Sep 08, 2020

With the September 2020 cumulative update for Windows 10, we introduced changes that help improve the security of devices that scan Windows Server Update Services (WSUS) for their updates. This post ...

Updated Feb 01, 2023

Version 4.0

servicing and updates

AriaUpdated

Microsoft

Joined June 22, 2018

View Profile

Windows IT Pro Blog

Follow this blog board to get notified when there's new activity

AriaUpdated

Microsoft

Feb 13, 2021

SAPacker Sorry for the delayed response. Our services using TLS 1.0 is no longer permitted per Microsoft policy (nothing to do with the above). Anything below TLS 1.2 poses a security risk to client machines, which is why it is no longer permitted.

That said, a client machine or WSUS server connecting to server sync, may be configured to use TLS 1.0 but our (Microsoft's) services should be requiring TLS1.2. If the client machine does not support TLS1.2 then the connection should fail. In no way should a client machine be required to use TLS 1.2. Note, if you are referring to clients talking to your WSUS server, it is totally up to the admin to decide if the server supports 1.2, 1.1, 1.0 or whatever.

If you have found this to not be the case it is likely a service config problem and I ask you to report it. 🙂