Software Updates Security Best Practices and Privacy Information

Update Software Ltd helps organisations collect, manage and publish data, documents and information. We provide tools for authoring, content management, XML and document transformation. Based in Oxford, England, since 1988, we have worked primarily with high-quality evidence-based material, creating and distributing world-renowned and ground-breaking web and CD-ROM-based electronic libraries.

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Applying the most recent security updates is a security best practice. Microsoft System Center Configuration Manager 2007 can make it easier to apply software updates to computers in your organization. However, there are some best practices to help prevent attackers from hijacking the software update infrastructure.

Security Best Practices

Do not change the default permissions on software update packages    By default, software update packages are set to allow administrators full control and users read access. Changing these permissions could allow an attacker to add, remove, or delete software updates.
Control access to the download location for software updates     The SMS Provider computer account and the user who will actually download the software updates to the download location both require write access to the download location. Restrict access to the download location to reduce the risk of attackers tampering with the software updates source files in the download location.
Use UTC for evaluating deployment times    If you use local time instead of UTC, users could potentially delay installation of software updates by changing the time zone on their computers.