September Patch Tuesday fixes HTTP-based intranet servers

Teodor Nechita
by Teodor Nechita
Author
0 Comments
Download PDF
Affiliate Disclosure

  • The September Patch Tuesday Updates brought cumulative updates to all versions of Windows 10
  • All of this month's cumulative updates bring fixes to a major server vulnerability.
  • If you want to learn more about this update process, head over to our Patch Tuesday section.
  • Need help improving your PC skills with Windows? Look up the articles from our Windows 10 section.
CUmulative update improves proxy

With the release of this month’s much-expected Patch Tuesday updates, a plethora of new fixes, enhancements, and security improvements have come to all versions of the Windows OS.

Of course, some updates stand out more than others, either because they bring a few extra features, or because applying them may subject you to some unforeseen issues.

However, the September Patch Tuesday updates all bring one major fix that concern the use of HTTP-based intranet servers.


A major networking vulnerability has been addressed

According to the official Microsoft Changelogs, one particular change has been brought to al major versions of Windows 10, ranging from Windows 10 v1507 all the way to Windows 10 v2004.

This fix reads as follows:

  • Addresses a security vulnerability issue with user proxies and HTTP-based intranet servers. After installing this update, HTTP-based intranet servers cannot leverage a user proxy by default to detect updates.
    • Scans using these servers will fail if the clients do not have a configured system proxy.
    • If you must leverage a user proxy, you must configure the behavior using the Windows Update policy “Allow user proxy to be used as a fallback if detection using system proxy fails.”
    • This change does not affect customers who secure their Windows Server Update Services (WSUS) servers with the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols.
    • For more information, see Ensuring clients stay secure, changes to scans against Windows Server Update Service (WSUS) servers.

Apparently, starting from an undisclosed time period, a client that didn’t have their proxies configured could still be used to access the servers and perform scans.

Thankfully enough, Microsoft came and added some explanations on how to configure your proxies to now be compatible with the latest changes.

Additionally, they went on and added that not everyone was targeted by this update, such as those using the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols for added protection.


That pretty much wraps it up with this major fix. If you need a summary of the September Patch Tuesday, we have written this article for you where we included all of the most important changelogs, along with direct download links so that you can get the updates right away.

Speaking of which, always remember that these monthly updates are here for a reason, as they are the result of months-long investigations and troubleshooting, so applying the patches as soon as possible is extremely important.

For more information on how to make sure that the update process goes smoothly, check out this list of steps that need to be followed, and you’ll be all find.

What’s your take on this change made during the September Patch Tuesday Updates of 2020?

Let us know whether or not you will be applying the cumulative updates immediately or not by leaving us a message in the comments section below.