The service is struggling for availability at a crucial moment of need for Windows users. Microsoft yesterday released four security updates, including three critical patches that Microsoft urged customers to install immediately. They include a patch for an SSL vulnerability that leaves Windows 2000 and NT4 SSL sites open to remote compromise. The current sluggish performance of Windows Update is a particular challenge for Windows users on dial-up Internet connections, as the Windows XP download is 3 megabytes.
"After the release of yesterday's security updates, the number of requests to Windows Update was double the usual volume," said a Microsoft spokesperson. "The slowdowns didn't last very long. We've added some system resources to support Windows Update, and are not seeing much trouble anymore."
This morning the DNS for windowsupdate.microsoft.com was being managed by Savvis Communications though its Digital Island content distribution network (CDN). CDNs help manage Internet traffic (including DDoS attacks) by using large, geographically distributed networks of servers to move files closer to the end user. Microsoft used a CDN service from Akamai to keep its web site online last August, when the Blaster worm programmed machines to launch a DDoS on the Windows Update site. Microsoft's strategy drew considerable attention, as the front page of the www.microsoft.com site was served by Linux machines on Akamai's network. Today Savvis was using Windows Server 2003 to manage the Windows Update traffic. This evening the site is being served from a netblock assigned to Hotmail, Microsoft's e-mail service.