About fixing third-party software vulnerabilities in an isolated network

The process of fixing third-party software vulnerabilities in an isolated network is shown in the figure and described below. You can repeat this process periodically.

The process of transmitting patches and the list of required updates between the Administration Server with internet access and isolated Administration Servers

Every Administration Server isolated from the internet (hereinafter referred to as an isolated Administration Server) generates a list of updates that are required to be installed on managed devices connected to this Administration Server. The list of required updates is stored in a specific folder and presents a set of binary files. Each file has a name that contains the ID of the patch with the required update. As a result, every file in the list points to a specific patch.

By using an external device, you transfer the list of required updates from the isolated Administration Server to the allocated Administration Server with internet access. After that, the allocated Administration Server downloads patches from the internet and puts them in a separate folder.

When all patches are downloaded and located in the special folder for them, you move the patches to every isolated Administration Server from which you took a list of required updates. You save patches to the folder created especially for them on the isolated Administration Server. As a result, the Install required updates and fix vulnerabilities task runs patches and installs updates on managed devices of the isolated Administration Servers.