Wednesday, September 21, 2011

Speeding Up WSUS Downloads

This post doesn't relate to pentesting directly, but it may help be useful to someone.   Windows Server Update Service or WSUS is the service that is responsible for enterprise patching in Microsoft Windows Environments.  It is scalable and extremely polished compared to the original SUS offering.  

I chose to build a WSUS server in a VM to solve the problem of patching my multiple standalone networks.  Many pentesters have attack labs which are likely not connected to the internet.  By installing a server on a portable hard drive, you can update the WSUS server through an internet connetion and then bring it into the lab network to patch your "vulnerable" machines.  

In case your wondering, I use my attack lab to test tools and ideas against as close to a real environment as I can create.  WSUS makes it extremely easy for an organization to push out Windows and Microsoft Office patches and I want my test environment to match.  You can easily control what machines receive what patches if you want to ensure that your MS08-067 exploit will still work for demo purposes.

The problem with this scenario is that patching will be irregular and WSUS is terribly slow at downloading updates.  There are several articles out there describing how to speed up WSUS downloads, but the method describe at http://support.microsoft.com/kb/922330 worked well for me.

Once you have the service installed and running properly, issue the following command from an elevated command prompt:

c:\>c:\program files\Update Services\setup\ExecuteSQL.exe -S wsus -d "SUSDB" -Q "update tbConfigurationC set BitsDownloadPriorityForeground=1"


Now open services.msc and restart the "Windows Update" service.


Finally, open the WSUS console and right click "Synchronizations" and select "Synchronize Now."



You should notice a dramatic increase in download speed.  The reason that WSUS downloads so slowly is to conserve network bandwidth and to ensure that the downloads resume if they are interrupted.  WSUS utilizes the Background Intelligent Transfer Service (BITS) which is seems to be considerably slower than a straight HTTP download.


References