About fixing third-party software vulnerabilities in an isolated network
The process of fixing third-party software vulnerabilities in an isolated network is shown in the figure below. You can repeat this process periodically.
Figure: The process of transmitting patches and the list of required updates between the Administration Server with internet access and isolated Administration Servers.
Every Administration Server isolated from the internet (hereinafter referred to as an isolated Administration Server) generates a list of updates that must be installed on managed devices connected to this Administration Server. This list of updates is stored in a specific folder as a set of binary files, each named with the ID of the patch containing the necessary update. Therefore, each file in the list corresponds to a specific patch.
The list of required updates is transferred from the isolated Administration Server to the designated Administration Server with internet access by using an external device. After that, the designated Administration Server downloads patches from the internet and places them in a designated folder.
When all patches are downloaded and placed in the designated folder, they are then transferred back to each isolated Administration Server from which the list of required updates was obtained. The patches are saved in a folder specifically created for them on each isolated Administration Server.
As a result, the "Install required updates and fix vulnerabilities" task runs the patches and installs updates on the managed devices of the isolated Administration Servers.
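The round trip described above can be checked at both ends before the task runs. The following is an added example, not Kaspersky code: it compares the list of required updates with the downloaded patches, records a SHA-256 digest for each patch before it is copied to the external device, and re-checks the digests on the isolated side. It assumes that a downloaded patch file's name without its extension equals the patch ID; the folder names, IDs and the .msi extension are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def reconcile(required_dir: Path, patches_dir: Path) -> dict:
    # From the page: each file in the list is named with the ID of a patch.
    required = {p.name for p in required_dir.iterdir() if p.is_file()}
    # Assumption: a downloaded patch file's stem equals its patch ID.
    patches = {p.stem: p for p in patches_dir.iterdir() if p.is_file()}
    have = set(patches)
    return {
        "missing": sorted(required - have),      # requested, not downloaded
        "unrequested": sorted(have - required),  # present, never requested
        "manifest": {pid: sha256_file(patches[pid]) for pid in sorted(required & have)},
    }

def verify(patches_dir: Path, manifest: dict) -> list:
    # Run on the isolated server after the copy: IDs that are absent or altered.
    found = {p.stem: p for p in patches_dir.iterdir() if p.is_file()}
    return sorted(pid for pid, digest in manifest.items()
                  if pid not in found or sha256_file(found[pid]) != digest)

def demo() -> tuple:
    # Constructed sample data: the IDs and file names are made up.
    with tempfile.TemporaryDirectory() as tmp:
        req, out, dst = (Path(tmp, n) for n in ("required", "patches", "isolated"))
        for d in (req, out, dst):
            d.mkdir()
        for pid in ("1001", "1002", "1003"):
            (req / pid).write_bytes(b"")
        (out / "1001.msi").write_bytes(b"patch-1001")
        (out / "1002.msi").write_bytes(b"patch-1002")
        (out / "9999.msi").write_bytes(b"not requested")
        report = reconcile(req, out)
        (dst / "1001.msi").write_bytes(b"patch-1001")
        (dst / "1002.msi").write_bytes(b"patch-10")  # truncated during transfer
        return report["missing"], report["unrequested"], verify(dst, report["manifest"])

if __name__ == "__main__":
    print(demo())
```

Carry the manifest on the external device alongside the patches, and treat any ID returned by `verify` as a reason to repeat the transfer before the installation task runs.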