Microsoft Reminds Admins To Prepare For WSUS Driver Sync Deprecation (bleepingcomputer.com)

Microsoft is reminding IT administrators that WSUS driver synchronization will be deprecated on April 18, 2025, urging them to transition to cloud-based update solutions like Windows Autopatch, Azure Update Manager, and Microsoft Intune. "For on-premises contexts, drivers will be available on the Microsoft Update catalog, but you won't be able to import them into WSUS," the company said in a Windows message center update on Tuesday. "You'll need to use any of the available alternative solutions, such as Device Driver Packages, or transition to cloud-based driver services for your organization, such as Microsoft Intune and Windows Autopatch." BleepingComputer reports: This reminder follows two other warnings issued since June 2024, announcing the deprecation of WSUS driver synchronization and encouraging customers to adopt Redmond's newer cloud-based driver services. The company also revealed in September 2024 that WSUS had been deprecated, but Microsoft added that it plans to keep publishing updates through the channel and maintain all existing capabilities. This announcement came after WSUS was listed on August 13 as one of the "features removed or no longer developed starting with Windows Server 2025."

"Specifically, this means that we are no longer investing in new capabilities, nor are we accepting new feature requests for WSUS," Microsoft's Nir Froimovici said at the time. "However, we are preserving current functionality and will continue to publish updates through the WSUS channel. We will also support any content already published through the WSUS channel."

  • by gweihir ( 88907 ) on Wednesday February 19, 2025 @05:52AM (#65178555)

    Ah, yes, because it got hacked and they did not even notice for two years (!) and one of their customers had to alert them: https://www.cisa.gov/sites/def... [cisa.gov]

    • Re: (Score:2, Offtopic)

      Or is it the many years of mediocre products with very little interoperability with 3rd party systems?

      • I am ashamed to admit it here, but I have begrudgingly used Windows for decades, primarily due to preferring M$ office to alternatives (Word has been an incredible tool for writing). I really can't believe that anyone uses google docs for any significant writing projects, and that's just another evil empire anyway. Other than WSL (without which, I almost certainly would have switched to Linux completely by now, as I stopped doing C# a few years ago), the M$ ecosystem just gets worse all the time, but Linux
        • by gweihir ( 88907 )

          I recommend LibreOffice. My experience is that it wastes less of your time.

          • by Luckyo ( 1726890 )

            LibreOffice is great for normal office work.

            The main thing missing is the collaboration tools, which are very much behind Microsoft. But that's understandable, people behind LibreOffice don't have a massive cloud to upsell people on.

            So as long as you're willing to set up things in Google and such for missing collaboration tools, LibreOffice is great.

        • by unrtst ( 777550 )

          FWIW, it sounds like you're almost over the hardest part - swapping out MS Office. It doesn't sound like the rest should be much of a problem.

          * MS Office: If needed in a pinch, you can also use the web version in office365.

          * OneDrive: There are multiple ways to use it from Linux (personally, I use rclone; See here for others: https://www.reddit.com/r/selfh... [reddit.com]). There are also LOTS of alternatives. Most cloud file service or sync stuff works on Linux as well, so it's really finding the thing that has the fea

          • Thanks for this! My thing about VS Code, OneDrive, and GitHub is M$ training its LLMs on my data. I am certain that no matter how many times I opt out, I will be opted back in, generally without knowing about it. Maybe I'm just being greedy; my code and thoughts aren't actually that valuable.
            • by unrtst ( 777550 )

              I won't disagree with that one iota! If you've got stuff in those now, it may already have been used in LLM training - RUN AWAY! :-)

              FWIW, I ran into rclone only this past year and it's been a fantastic find. It can sync between different services even, so you can sync your OneDrive data to Dropbox, for example. It also supports Bidirectional sync, in addition to one direction sync. You can also mount any of those into your filesystem, so you don't need to download/sync the data to interact with the files on

        • by kbonin ( 58917 )
          FWIW VSCodium on Linux works very well - VS Code without the Microsoft "telemetry", I use it daily...
        • by r0nc0 ( 566295 )
          The one thing I have yet to replace is OneNote and its ability to be literally an engineering/science notebook with equations and notes. Unfortunately OneNote is tied to OneDrive so I am unable to use it any longer
        • If your company does any sort of high end engineering, Windows is basically indispensable. There are all kinds of niche engineering and analysis applications that literally won't run on anything else.

          • I don't work in engineering fields other than software (which seems less like real engineering by the day of "progress"), but that's interesting, as I would expect such disciplines to be the type of software/user population that suits Linux well (along with anything server). I speculate that the vendors saw more revenue potential on Windows, and now they're stuck with it? I always thought that Windows was mostly for "business" users, .NET developers, and in the past at least, gamers, or anyone who bought a
            • The only engineering I personally do is software related. However, occasionally I'm asked to analyze software that aerospace (emphasis on space) engineers need to use to see if it's safe to deploy in our environment. We use Linux quite a lot, but very rarely for that kind of stuff, and in the few cases I've been asked, there's always been a Windows version available, but the opposite is rarely true.

              In a previous job I worked for a diagnostic lab, and the same applied there as well. So I'd say this is true o

    • It's just as well that companies that manage their own security never get hacked. /s The cloud is just someone else's computer. You may be good at this computer thing, but for the vast majority of companies out there that "someone else" is better at looking after them. I don't trust the MS cloud. I don't trust any cloud. But I also don't trust any of our system admins at any company I've worked for, and frankly when it comes to state actors I don't even fully trust myself.

      • It's just as well that companies that manage their own security never get hacked.

        The odds are one large target with many easy victims vs many more difficult targets with one victim each. Attackers are going to go after the one large target with a huge return on effort. Even Windows systems are less likely to be compromised when they are a part of a large herd of other disparate Windows systems.

        Windows can't be secured, but it can at least be obscured.

        • Someone needs to learn about security through obscurity. But you raise a good point, with Microsoft's cloud profile representing a significant chunk of Fortune 500 companies, the fact that they've been hacked once is a truly astoundingly GOOD achievement.

      • by gweihir ( 88907 )

        I recommend you read the first pages of that report. I gave that as a student assignment. The conclusion most students arrived at was "they did everything wrong".

        • I recommend you read the first pages of that report. I gave that as a student assignment. The conclusion most students arrived at was "they did everything wrong".

          I'm sure they did. And yet they've been hacked once despite having a profile that represents a huge portion of Fortune 500 companies. I'm sure you've done something wrong in your life too. Did you get kicked to the curb or did someone assess how it could be prevented from occurring again? We live in a world where admins still set critical passwords to Passw0rd1; that's the competition. Or leave Amazon EC3 open with the default credentials. That's the competition here when it comes to intelligence or capabili

  • In other news (Score:4, Insightful)

    by vbdasc ( 146051 ) on Wednesday February 19, 2025 @06:46AM (#65178599)

    Microsoft reminds admins: "F you, peons. More hard work for you, for my amusement."

  • by Mousit ( 646085 ) on Wednesday February 19, 2025 @07:37AM (#65178667)
    This is especially fun for closed systems, ones that do not have Internet connectivity. Virtually everything these days assumes an online presence, even third-party patch management systems, so it's becoming harder and harder to actually keep a closed system patched. There's continuing erosion of support for loading patch bundles into the management system via sneaker-net.

    And I say "closed", not "offline" or "air-gapped". In my case, I manage a utility control system that does not connect to the Internet (as we often say for various Slashdot stories, "do not connect important shit to the Internet"), but it does need to monitor the grid. Closed, company self-built private network to all the substations we own, all over the state. While there's no Internet connectivity, obviously in such a design it still has ingress attack points, even if it requires an attacker to break into a substation and gain access to locked down networking equipment. Anything's possible. So you don't want to make it any easier for them by having glaring, known flaws hanging out there in your system.

    Further in our case, our utility is under NERC CIP federal regulations (not all utilities are under the strictest levels of CIP, which is why you hear about utilities with Internet connections and unpatched systems and such). CIP compliance has the force of law behind it. Thus, under CIP, patching isn't just a good idea, it's required by federal law. We MUST patch our systems. So then shit like this comes along "Oh use the cloud!" and the system we are ACTUALLY TRYING to keep secure either loses a critical piece of the patch puzzle, or we have to start giving it limited Internet access, either way lowering our security posture.

    Fucking short-sighted everywhere. And yes, yes, before anyone points it out, I'm aware "don't use Windows if you want to be secure". Fuck off. Even with things like CIP we still have to deal with the realities of non-technical upper management and accounting. They know Windows. They want to buy Windows. Doesn't mean we're happy about it. Though I will admit one silver lining of these all-cloud pushes: it starts making it easier to convince those non-tech C-suites to not buy Windows.

    Though even fleet-level Linux patch management solutions are also starting to see some of this cloud creep, or at least "Internet connectivity expected", rather than easily allowing bundles to be loaded from an offline transfer/sneaker-net.
    • by Zocalo ( 252965 )
      Hitting this kind of legislative/requirement conflict pretty hard as well, in our case across multiple clients in Government/Infrastructure/Military/Utility space that use closed networks. The general solution we have been using is Azure Cloud (because the problem is invariably Microsoft, and Azure supports everything you're going to need) with all the growing list of services that Microsoft insists you run from the cloud or have an Internet connection to use. That's all private and protected by a proxy s
      • by DarkOx ( 621550 )

        we also have a kill switch (the VPN) we can throw to disconnect the whole lot from the closed network

        Serious question, and not a criticism of your approach or analysis, but how often do you test this kill switch scenario?

        My thinking on this is Microsoft withdrawing updates due to unexpected problems in the field is not without precedent. I also really wonder how much testing of corner cases like, Entra joined intune managed but used with local accounts primarily and does not have internet access immediately after applying the last update - get.

        If it were me I'd be taking the approach of having a few test p

        • by Zocalo ( 252965 )
          Depends on the client, but there's typically a cadence of activities to cover things like that - weekly, monthly, quarterly, etc. - with some variation between clients as to which tests go into which "buckets". Things like that would generally be annual as there's going to be some disruption of potentially operational traffic when the VPN is dropped and you want to be sure everything comes back up cleanly when it's restored as well, so you're also testing the other systems can still properly handle the loss
      • The general solution we have been using is Azure Cloud (because the problem is invariably Microsoft, and Azure supports everything you're going to need)

        So Microsoft invents the problem by removing the method of updating Windows on servers and workstations that have single-payment licenses and aren't connected to the internet. And then they invent the "solution" of hosting all of your services on their Infrastructure-as-a-Service platform with continuous payments and forced internet connectivity via the cl

        • by Zocalo ( 252965 )
          Yep. That's what you get for insisting on Microsoft in your stack; *more* Microsoft. They're not alone in this, of course, nearly every vendor is involved in some kind of bait and switch to try and upsell you into something extra, lock you into a subscription, and fleece you on support. Everyone seems to know and acknowledge this, yet even where more than capable open source alternatives exist getting someone to sign off on it, especially at higher SIL levels, is nigh on impossible, even though in many c
          • Some of this human behavior you are describing could very well be deep-seated tribalist roots. As you say, the higher SIL levels, the more impossible things become while in many cases both the application and community support is better. Those higher up bosses like to deal with other higher up bosses while us nerds are quite happy to deal with the other nerds.

            We all like our little circles and we tend to turn to those circles first if given the option.

            Regarding security in general, it's hard because most

    • never mind the federal CIP requirements.. federal government is deprecated as of February 2025
    • Does not fix Microsoft's latest (blindsided) move, but Tanium Patch (https://www.tanium.com/product...) has solved a ton of our problems with WSUS and related, fragmented patching tools for all our systems out there that should not/cannot/will not have Internet access. YMMV, though.

  • Not every customer can use a cloud option...
  • by MachineShedFred ( 621896 ) on Wednesday February 19, 2025 @12:12PM (#65179463) Journal

    Or, and just hear me out on this: update drivers when you need to update drivers.

    That way a Windows update doesn't install some age-old piece of shit over the top of NEWER WHQL-CERTIFIED DRIVERS and break shit. The last round of Windows Updates broke my wife's multi-display setup in her office because it felt the need to install a display driver that is older than the hardware release in her laptop. 18 month old display drivers auto-installed over 4-month old WHQL-certified drivers from the OEM. And because it's a business laptop, she doesn't have admin access to install the proper driver, so she has to contact IT and waste their time too.

    That's the kind of automatic update nobody wants or needs.
