Windows Server Update Services live to patch another day

Microsoft is extending support for a product scheduled for deprecation. Sadly for some, it's not Windows 10.

Support for Windows Server Update Services (WSUS) was due to end on April 18. However, Microsoft has since announced: "Based on your valuable feedback, we'll continue supporting driver update synchronization to Windows Server Update Services (WSUS) servers. This decision postpones previous plans to end this support in April 2025."

Microsoft made the call two weeks before support was due to be pulled, which is not ideal for planning, but handy for customers who would not be able to meet the original deadline.

Disconnected device scenarios appear to be the leading cause of the rethink. It seems that Microsoft's alternatives, such as the cloud-based Intune and Windows Autopatch, can't currently fulfill that need. Microsoft's original plan was to have drivers available on the Microsoft Update Catalog but stop them from being imported into WSUS.

While some administrators might applaud Microsoft's decision, others regard WSUS as unsuited to modern needs.

Gene Moody, field CTO at Action1, pointed out that when WSUS debuted more than 20 years ago, the IT world was very different – primarily static and less connected. Patching was less frequent, and enterprises had fewer options.

• Your days of driver sync via Windows Server Update Services are numbered
• Microsoft hits go on Windows 11 24H2: Fresh features, bugs, and a whole lotta AI
• Admins using Windows Server Update Services up in arms as Microsoft deprecates feature
• Microsoft adds features to Windows 11 monthly – managing it is your problem

"But let's be honest," he told The Reg. "We've long outgrown it. The volume, velocity, and complexity of today's patching needs demand more than what a two-decade-old system can offer.

"WSUS lacks the capabilities essential for today's security demands: it doesn't enforce updates, doesn't provide real-time visibility, and can't distinguish between an offline laptop and a device with connectivity issues.

"With these fundamental limitations, WSUS is a hands-on, high-maintenance system that simply can't keep pace with the modern security landscape. In 2025, that's not just outdated – it's a security liability.

"Organizations that still rely on WSUS to secure their endpoints are effectively playing defense with a blunt instrument."

As for the decision to keep the lights on a little longer, Moody said, "Microsoft's apparent shift in stance on WSUS is likely driven by the limited but critical scenarios where its use is still non-optional. These include environments where WSUS is explicitly mandated by contractual and or legal obligations, or where it remains the only viable method for servicing multiple Windows clients in air-gapped or highly restricted networks.

"This reversal should not be misinterpreted as Microsoft abandoning its long-term goal of phasing out WSUS in favor of cloud-based solutions. Rather, it highlights a significant oversight in their broader strategy, namely; the assumption that all systems can eventually be connected to the cloud. Some cannot, and never will be."

While WSUS is outdated compared to modern patching solutions, Microsoft's decision to keep support running a while longer highlights that, right now, it can't fully replace the old warhorse with something from its newer stable of services.

It is, however, only a temporary reprieve and not a glimmer of hope for the future. ®