MIT Windows Automatic Update Service (WAUS)
What is MIT Windows Automatic Update Service?
The MIT Windows Automatic Update Service (WAUS) enables the MIT community to utilize Microsoft's "Automatic Update" feature with a more conservative selection of patches -- focused on critical security updates -- than those available directly from Microsoft. This service may be used by MIT faculty, staff, and students on MIT-owned and personal machines. Computers in the win.mit.edu domain are subscribed to MIT WAUS by default.
Supported Operating Systems: This service currently supports Microsoft Windows 2000 SP 4 and above - Server and Professional Editions, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. Both the 32-bit and 64-bit versions of these operating systems are supported. Itanium based systems are also supported where applicable.
Deployment Policy: WAUS provides a subset of the updates available through Microsoft's Windows Update (or Automatic Update) Service. This service gives MIT the ability to withhold certain patches which have been shown to be harmful or are not critical. Security patches for Windows, Internet Explorer, Microsoft Office, etc. for vulnerabilities that are considered "Critical" or "Important" by the Microsoft Security Team and are available from Windows Update will be available from the WAUS Service within 48 hours of their availability on Windows Update. In some instances patches rated "moderate" will be included depending on their relevance to the MIT community. During the 48 hours before the patch is available, IS&T will monitor various industry lists for reports of that patch causing problems in other environments. IS&T has the ability to make the patch available more quickly if the conditions necessitate. Should Microsoft release an "out of cycle" critical security patch, that is, a patch which Microsoft has deemed critical enough to release ahead of their monthly deployment schedule, IS&T will release the patch on an accelerated schedule.
WAUS also has the ability to deploy Service Packs for many Microsoft products. The policy for service pack deployment differs from that for patches: we do not deploy them immediately after their release. Deployment usually depends on the demand for the new features included in the pack. Currently WAUS provides SP 4 for Windows 2000, SP 2 for Windows XP, and SP 1 for Windows Server 2003. MIT WAUS also includes support for Microsoft Office products. Check the Approved Updates page for details regarding deployed packages.
Important Note:
A Note about Service Pack 2 for Windows Server 2003/Windows XP 64 bit Edition and Service Pack 3 for Windows XP:
MIT WAUS plans to release Service Pack 2 of Windows Server 2003 and XP 64 bit Edition in June of 2008 now that Microsoft has resolved the Scalable Networking Pack issues and has released a hotfix which we deployed in March of 2008. Windows XP Service Pack 3 will not be released earlier than August of 2008.
IMPORTANT NOTE About SUS Registrations: If you reinstall the operating system on your computer you must reregister, unless your computer is part of a domain that uses this service via group policy, such as win.mit.edu. If you are registered for WAUS you are also automatically subscribed to Office Updates.
The MIT WAUS service currently runs Microsoft WSUS Server 3.0 SP 1.
A Note about Office Service Packs: MIT WAUS has released Service Pack 3 of Office 2003 and Service Pack 1 for Office 2007 as of April of 2008.
A note about 2007 DST changes: In August of 2005, the United States Congress passed the Energy Policy Act, which
changes the start and end dates of daylight saving time (DST). Starting in the spring of 2007, daylight saving time (DST)
start and end dates for the United States will transition to comply with the Energy Policy Act of 2005. DST dates in the
United States will start three weeks earlier, at 2:00 A.M. on the second Sunday in March: March 11, 2007. DST will end one
week later, at 2:00 A.M. on the first Sunday in November: November 4, 2007. These dates are referred to as the "extended DST
period."
The February 2007 deployment of MIT WAUS includes Update Rollup KB931836. This is called a rollup because it is a re-release of
Microsoft's 2007 DST patch KB928388. KB931836 supersedes and replaces update KB928388, which was released in November 2006,
and includes additional time zone changes that were signed into law after update KB928388 was created. KB931836 patches
Windows XP, XP x64 Edition, Windows Server 2003, including x64 and Itanium-based systems. This update is not available for
Windows 2000, and is not required for Windows Vista.
In January 2007, Microsoft made the Time Zone Data Update Tool for Outlook available for download. This tool can update
calendar items in Outlook to accommodate the changes in DST during the extended DST period. It is required to update calendar
items that occur during the extended DST periods for Microsoft Outlook 2000, 2002, 2003 and 2007. Outlook 2007 can
automatically detect the DST change and prompt the process that updates a person's calendar to comply with the new daylight
saving time rules. However, the Time Zone Data Update Tool contains enhancements that improve what is available in Outlook
2007 and should be run instead of the out-of-the-box Outlook 2007 experience. Detailed information from Microsoft on the Outlook tool is available at the following URL:
http://support.microsoft.com/kb/931667
A note about Internet Explorer 7: Internet Explorer 7 was deployed by MIT WAUS on January 11, 2007.
A note about Windows 2003 Service Pack 1: Windows 2003 Service Pack 1 has been deployed by MIT WAUS (WSUS) as of January 12th 2006.
A note about Windows XP Service Pack 2: Windows XP Service Pack 2 has been deployed by MIT WAUS (WSUS) as of January 24th, 2005.
KB885443 Hotfix: Microsoft released a hotfix for Windows XP SP2 to address a bug where a machine can blue screen if certain third party drivers are interacting with mup.sys improperly. We encountered this at MIT because many of us use McAfee Virus Scan, which contains such a third party driver. Our testing showed that the XP SP2 hotfix worked to mitigate the problem. During our testing of the April 2005 patch releases we found that the new patches introduced this issue to Windows 2000. We reported this to Microsoft and sent them diagnostic data. Microsoft has now backported this hotfix to Windows 2000 as well. In addition, we have been informed that the fix has been included in Service Pack 1 for Server 2003 but no separate hotfix has been packaged. If the machine gets a stop message, disconnect the network cable and boot the computer, then reconnect the cable and log on. Install the hotfix and reboot. To obtain the hotfixes for XP SP2 and 2000, see below:
KB885443 for Windows 2000
KB885443 for Windows XP SP2
A note about MS04-028:
Microsoft released security patch MS04-028: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987). The following updates are being deployed via MIT WAUS to address this vulnerability: 833989 Windows 2000 IE 6 SP1 and 833987 Windows XP SP1 and 2003 (XP SP2 is not vulnerable but Office and other apps should still be updated).
Users of Microsoft Office products will still need to update their Office installations and check other imaging applications in addition to the patches listed above to fully patch their systems. Microsoft has outlined a three step process to check systems for this vulnerability:
Step 1: Windows Update: This has been automated for MIT WAUS or Microsoft AutoUpdate users.
Step 2: Office Update: See the Office Update Site for more information. This step has been automated for MIT WAUS or Microsoft AutoUpdate users.
Step 3: Run ActiveX Control in "Step 3" of Security Update for GDI+ to search other known affected applications.
Subscribing to WAUS
Any PC running Windows 2000 SP3 and later, Windows XP SP1 and later, Windows Server 2003 or Windows Vista can be configured to use this service. Both the 32 bit and 64 bit versions of these operating systems are supported.
By using this service, you agree to have your patch installation statistics recorded by the server. These statistics are extremely useful for IS&T to determine what percent of the Windows community is protected when high-profile vulnerabilities arise and to warn system owners if that system failed to apply a particular patch.
Basic Installation
Note: See the Domain Installation Instructions for configuring machines in a domain via Group Policy.
- Download one of the following registry files, depending on the way you would like WAUS to be configured for your machine:
  - Option 1: Download mitsus.reg
    This is Microsoft's Automatic Download and Install option (polls after 17 hours and installs the next 1 A.M.).
  - Option 2: Download mitsus-n.reg
    This is Microsoft's Automatic Download and Notify option (manual confirmation to install and reboot, polls after 17 hours).
    Note: The mitsus-n.reg file allows a local administrator to deselect and select downloaded patches for installation.
- You may select Open when prompted, or run the registry file (.reg) you just downloaded by double-clicking on it. You will then be asked if you want to add the information in this .reg file to your Windows registry.
- Click Yes, then OK when the operation is complete.
- Restart the machine to make the settings effective. You can verify the proper contents of the .reg file online.
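One way to check a downloaded registration file before importing it, as the last step suggests. This is an added example, not MIT's or Microsoft's code: it parses the .reg text and reports any key outside the Windows Update client policy branch, and any server or AUOptions value that differs from what you expect (4 for download-and-install, 3 for download-and-notify). The server URL and the sample file contents are constructed placeholders, since the page does not reproduce mitsus.reg.

```python
import re

# Real Windows Update client policy key; the server URL is a placeholder (not on the page).
POLICY = r"hkey_local_machine\software\policies\microsoft\windows\windowsupdate"
EXPECTED_SERVER = "http://waus.example.invalid"

def parse_reg(text):
    """Parse .reg text into {lowercased key path: {lowercased value name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.lower().startswith(("windows registry editor", "regedit4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m is None or current is None:
            raise ValueError(f"unparsed line: {raw!r}")
        name, val = m.group(1).lower(), m.group(2)
        if val.lower().startswith("dword:"):
            current[name] = int(val[6:], 16)
        elif len(val) >= 2 and val[0] == val[-1] == '"':
            current[name] = val[1:-1]
        else:  # deletions ("name"=-) and hex types are not expected in these files
            raise ValueError(f"unsupported value: {raw!r}")
    return keys

def audit(text, expected_auoptions):
    """Return findings; an empty list means the file only sets the expected policy."""
    keys, findings = parse_reg(text), []
    for path in keys:
        if path != POLICY and not path.startswith(POLICY + "\\"):
            findings.append(f"key outside Windows Update policy: {path}")
    wu, au = keys.get(POLICY, {}), keys.get(POLICY + "\\au", {})
    for name in ("wuserver", "wustatusserver"):
        if wu.get(name) != EXPECTED_SERVER:
            findings.append(f"{name} is {wu.get(name)!r}")
    if au.get("usewuserver") != 1:
        findings.append("UseWUServer is not 1, so WUServer is ignored")
    if au.get("auoptions") != expected_auoptions:
        findings.append(f"AUOptions is {au.get('auoptions')!r}")
    return findings

# Constructed sample files (not the contents of mitsus.reg).
GOOD = ("Windows Registry Editor Version 5.00\n\n"
        f'[{POLICY}]\n"WUServer"="{EXPECTED_SERVER}"\n"WUStatusServer"="{EXPECTED_SERVER}"\n'
        f'[{POLICY}\\AU]\n"UseWUServer"=dword:00000001\n"AUOptions"=dword:00000004\n')
BAD = GOOD.replace("waus.", "other.", 1) + '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example]\n"Flag"=dword:1\n'
```

Call `audit(open(path).read(), 4)` on the file you downloaded; a key-deletion entry such as `[-HKEY_...]` is reported as a key outside the policy branch.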
If you are in a domain, it is likely that these settings will be overwritten by the domain's Group Policy. You should check with your administrator to apply the change via group policy. Refer to the Administrator Control via Policies document for instructions on configuring for WAUS via Group Policy.
Unsubscribing from WAUS
The un-registration process removes SUS policy settings from your registry and leaves the AutoUpdate service pointing at the Microsoft site, which is the Windows default setting. This unregistration process is only valid for machines not controlled by SUS settings set via domain group policy.
Note: See the Domain Installation Instructions for configuring machines in a domain via Group Policy.
Step 1: Download unregister-mitsus.reg
You may select Open when prompted, or run the registry file (.reg) you just downloaded by double-clicking on it. You will then be asked if you want to add the information in this .reg file to your Windows registry.
Step 2: Run forceupdate.exe or restart the AutoUpdate service
The AutoUpdate service should start polling the Microsoft site within ten minutes.