Microsoft Fixes WSUS Servers Not Pushing Windows 11 22H2 Updates
Cyber Security Threat Summary:
Microsoft fixed a known issue impacting WSUS (Windows Server Update Services) servers upgraded to Windows Server 2022, causing them not to push Windows 11 22H2 updates to enterprise endpoints. While the updates would successfully download to the WSUS server, they failed to propagate further to client devices. The root cause stems from the accidental removal of .msu and .wim MIME types during the upgrade process to Windows Server 2022.
The issue only impacted WSUS servers running Windows Server 2022 that were upgraded from Windows Server 2016 or 2019. Microsoft’s Configuration Manager, which is part of Microsoft Endpoint Manager, remains unaffected by the issue.
Security Officer Comments:
When a server is upgraded to Windows Server 2022 from previous versions, an issue causes the accidental removal of the required Unified Update Platform (UUP) MIME types. This issue is compounded as newer server versions will miss security and feature updates.
Even though Microsoft addressed the issue by releasing the March KB5023705 cumulative update for Windows Server 2022, the company only updated the Windows health dashboard on Friday to acknowledge the fix.
Suggested Correction(s):
Microsoft also provides a workaround for admins who haven't installed KB5023705 and need a temporary fix. This requires them to re-add the accidentally removed UUP MIME types manually using PowerShell commands. You can find these PowerShell commands on Microsoft’s blog.
https://learn.microsoft.com/en-us/w...solved-issues-windows-server-2022#3005msgdesc
The missing file extensions can also be added back to impacted servers in Internet Information Services (IIS) Manager by creating new MIME types for the ".wim" (application/x-ms-wim) and ".msu" (application/octet-stream) extensions.
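The following is an added example, not Microsoft's published workaround commands: an idempotent PowerShell check that audits the two MIME mappings named above and re-adds or corrects them using the WebAdministration module. It assumes the mappings belong at the IIS server level (`MACHINE/WEBROOT/APPHOST`); the function name `Repair-UupMimeType` and the `ConfigPath` parameter are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and repair the UUP MIME types on a WSUS/IIS server.
# Assumption: mappings are defined at server level (applicationHost.config).
Import-Module WebAdministration -ErrorAction Stop

function Repair-UupMimeType {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Configuration scope to inspect; server level by default (assumption).
        [string]$ConfigPath = 'MACHINE/WEBROOT/APPHOST'
    )

    # Extensions and MIME types as given in the article.
    $required = [ordered]@{
        '.wim' = 'application/x-ms-wim'
        '.msu' = 'application/octet-stream'
    }
    $section = 'system.webServer/staticContent'

    foreach ($ext in $required.Keys) {
        $want   = $required[$ext]
        $filter = "$section/mimeMap[@fileExtension='$ext']"
        $entry  = Get-WebConfiguration -PSPath $ConfigPath -Filter $filter

        if (-not $entry) {
            # Mapping was removed (the post-upgrade symptom): add it back.
            $state = 'Missing'
            if ($PSCmdlet.ShouldProcess($ext, "Add MIME type $want")) {
                Add-WebConfigurationProperty -PSPath $ConfigPath -Filter $section `
                    -Name '.' -Value @{ fileExtension = $ext; mimeType = $want }
                $state = 'Added'
            }
        }
        elseif ($entry.mimeType -ne $want) {
            # Mapping exists but points at a different type: correct it.
            $state = "Mismatch ($($entry.mimeType))"
            if ($PSCmdlet.ShouldProcess($ext, "Set MIME type to $want")) {
                Set-WebConfigurationProperty -PSPath $ConfigPath -Filter $filter `
                    -Name 'mimeType' -Value $want
                $state = 'Corrected'
            }
        }
        else {
            $state = 'Present'
        }

        [pscustomobject]@{ Extension = $ext; MimeType = $want; State = $state }
    }
}
```

Run `Repair-UupMimeType -WhatIf` first to report the state of each mapping without changing the IIS configuration, then run it without `-WhatIf` to apply the repair.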
Link(s):
https://www.bleepingcomputer.com/