Link to home
Create AccountLog in
Avatar of davis
davisFlag for United States of America

asked on

.NET only available 'critical' update - where are others?

When running Windows Updates on my Citrix Farm servers, the only 'High-Priority' update displayed is an update for .NET versions.  I am unable to run the .net updates as .NET 3.0 and above has an incompatibility isssues with one of our primary applications. There are surely other critical updates available, aside from this one, which are needed on the Citrix farm ( I have not run updates in several months).  How can I bypass running.net update and apply the other critical updates?  See attaced image for the only available 'High-Priority' update which is available to me on my current Windows 2003 Server installs.
NET-latest-Windows-updates.jpg
Avatar of sfossupport
sfossupport
Flag of United States of America image

The problem is your application that is incompatible. By supporting this you are keeping your machine vulnerable. I have a similar situation and I isolated these servers behind a NAT firewall. I use split-brain
DNS to keep these servers only visible to local clients
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of davis

ASKER

These servers are behind a firewall and only acessible via the web through a Citrix WebInterface connection via SSL VPN. I believe best practices would back keeping up-to-date with critical security patches.  Ialso  took a look at the WSUS offline update but not sure what to make of it.  Not sure if it is a solution.  it seems better suited for a system which cannot access the internet.  
you could also use WSUS and disallow the install of the .net updates and approve the others and have the servers use the WSUS server for their updates (microsoft intune might also be an option(
Avatar of davis

ASKER

Currently, without the use of WSUS, the best option for me is to simply manually update using the 'other' option (as opposed to 'high-priority').  This allows me to choose all other udates aside from the.net.  The answer was right in front of me -- I should have looked to choose this option earlier. Thanks for your insight. For other systems, which do not have Internet access, the off-line updates look interesting.
Avatar of davis

ASKER

The WSUS offline update looks like a great tool.  In my case, with my system connected (online), I could simply bypass installing later .NET versions by choosing the 'Other' option.  A simply mistake on my part but the best option for my situation