WSUS Security Patches and the dce.psu.edu Realm

On Tuesday, April 12, 2016, Microsoft released three patches that complicated authentication with machines that are connected either to the Access domain or to other domains that have a trust to the dce.psu.edu realm. The three patches were temporarily held on the WSUS server so an analysis could be done.

The authentication change requires users to log in with userid@dce.psu.edu instead of just userid if a default domain has been set.

IdS has opened an incident with Microsoft, but we anticipate it will take some time for a resolution.

In consultation with OIS, it has been determined that the risk of not installing these patches outweighs the inconvenience of the authentication change. As a result, on Monday morning we will re-approve the patches for installation on the central WSUS server. The default WSUS GPO in the Access domain, if applied, instructs workstations to download patches nightly at 3 a.m. and notify the user for installation.