Microsoft fixes bug preventing Azure Virtual Desktop security updates
The bug has been a problem since July
Microsoft this week resolved a bug that prevented Azure Virtual Desktop (AVD) devices from downloading and installing monthly security updates via Windows Server Update Services (WSUS). This issue had been ongoing since July.
According to an advisory, Microsoft was investigating a problem where devices running Windows 10 Enterprise multi-session, version 1909 might not download updates after May 2021.
"This is observed in the Settings app under the Windows Update setting, which will display the message 'You're up to date' even if no updates later than May 2021 have been installed," the advisory said.
Both the client (Windows 10 Enterprise multi-session, version 1909) and server (Windows Server multi-session, version 1909) versions of the software were affected.
Microsoft said it addressed the issue in the KB5005565 cumulative update in September for systems running Windows 10, version 2004, and later. There was no explanation as to why it took so long to implement the fix.
The advisory laid out two workarounds to fix the issue and enable users to deploy monthly security updates on Azure Virtual Desktop systems using WSUS if they were unable to the KB5005565 update.
The first workaround asks users to deploy the latest images from the Azure Marketplace, which will be up to date with all security updates. “We recommend that you deploy the latest image to your existing devices which run Windows 10 Enterprise Multi-Session, version 1909 (Azure Virtual Desktops (AVD)),” the advisory stated.
The second workaround, where image redeployment is not an option, requires users to manually download and install missing security updates from the Microsoft Update Catalog.
“Microsoft publishes monthly security updates on the second Tuesday of each month. You can download these updates from the Microsoft Update Catalog as Microsoft Update (.msu) files and deploy them using your management solution,” said Microsoft.
When these files are downloaded, organizations can add them to their endpoint management system and deploy them to devices running Windows 10 Enterprise or Education, version 1909.
The news comes as Microsoft finally makes Windows 11 available on Azure Virtual Desktop. Microsoft said that while the new operating system is out now, Trusted Launch is at preview. This is used to enable TPM 2.0 and secure boot as part of the VM configuration to take full advantage of the security capabilities in Windows 11.
Four strategies for building a hybrid workplace that works
All indications are that the future of work is hybrid, if it's not here alreadyFree webinar
The digital marketer’s guide to contextual insights and trends
How to use contextual intelligence to uncover new insights and inform strategiesFree Download
Ransomware and Microsoft 365 for business
What you need to know about reducing ransomware riskFree Download
Building a modern strategy for analytics and machine learning success
Turning into business valueFree Download