Join our chat on Microsoft’s decision to retire Windows Server Update Services!
Microsoft has dropped some unwelcome news for system admins, with the company announcing it is deprecating the Windows Server Update Services (WSUS) feature.
Microsoft made the announcement as part of a list of features that have been removed or deprecated in the Windows Server 2025 preview.
Windows Server Update Services (WSUS) is no longer actively developed, all the existing capabilities and content continue to be available for your deployments.
The company’s Nir Froimovici said the move was made in an effort to simplify Windows management.
As part of our vision for simplified Windows management from the cloud, Microsoft has announced deprecation of Windows Server Update Services (WSUS). Specifically, this means that we are no longer investing in new capabilities, nor are we accepting new feature requests for WSUS. However, we are preserving current functionality and will continue to publish updates through the WSUS channel. We will also support any content already published through the WSUS channel.
Needless to say, the news is not sitting well with some admins. Eric Siron, a Microsoft MVP, acknowledged that WSUS has not received much love in recent years, but said deprecating it didn’t seem like the right solution.
Agreed that WSUS is a horrifically underdeveloped nightmare. But, this is not the answer. The answer is modernizing WSUS or replacing it. There’s nothing wrong with having better tools in Azure with an attached price tag. The problem comes from emptying the niche that WSUS occupies.
People need to stop thinking about this as, “I will approach this news on my systems with…” That’s not the problem. Of course, you will come up with a solution that works, and of course you will keep your systems patched. That’s not the point.
Siron points out the potential security implications of WSUS being deprecated, and the increased risk sensitive information will become vulnerable to hackers.
Realize right now that there is a 100% chance that one or more of these organizations has your personal information, credit card numbers, health records, all kinds of things. As soon as WSUS goes away, there’s a 100% chance that your data will wind up on a system that the organization didn’t want to pay to patch, somebody in subordinate.IT.company failed to properly beg someone in IT.company to patch, or OOPSIE somebody didn’t check the monthly patch result on. The risk is bad enough with WSUS. Again, look up Melissa and SQL Slammer. I forgot MSBlast, that one had a patch available before it was ever exploited, too, and still caused all kinds of drama. Anyway, the point is that it doesn’t have to be a system that you’re responsible for to become your problem.
The end of WSUS is a gift to attackers.
It’s clear that Microsoft wants to move people to Azure and its cloud services, but deprecating something like WSUS without providing a replacement solution may end up causing significant headaches down the road.