Microsoft provides workaround for issues with KB3148812 WSUS update

If you’re a WSUS admin, this may come as a relief. Or not.

From Richard Hay at WindowsITPro

Windows 10 system overheating and CPU Core Parking

Another important note from CH:

I am writing to you this email to bring to your attention something that I believe a lot of your readers with older PCs are interested in finding out.

It seems that Microsoft removed the CPU Core Parking functionality in Windows 10, which for users not interested in gaming and using their computers most of the time for browsing and using Office applications creates an overheating problem for little or no reason. This is particularly a problem for users having Intel i7 CPUs any generation, possible other variations like i5 or i3.

Briefly, for those who are not aware of what this means, in Windows 7 the CPU cores not in use were ‘’parked’’ by the built-in Power Management, keeping active only a limited number of cores when the load did not require full power. In Windows 10 this functionality is no longer available by default, unless the registry is modified to mirror the Windows 7 registry for this functionality.

I provided the solution in this thread

https://social.technet.microsoft.com/Forums/ie/en-US/8d6085d8-2c26-426c-87ac-2ba189b77aa5/core-parking-not-working-after-upgrade?forum=win10itprohardware

few months ago and it looks like it was accepted as definitive by the Microsoft moderators and also by the end users who had no further comments.

In addition to what I posted on the Microsoft Forum, I normally set the maximum speed of the CPU in Power Management to 99% and the CPU Fan to Passive to avoid the built-in overclocking which is officially designated as Turbo Mode by Intel. This further reduces the heat generated by the CPU when the load does not require the CPU to work at full load.

I am expecting this tuning to significantly extend the life of the older CPUs and motherboards.

The newer motherboards using the Skylake CPUs may have other functionality built-in the CPU or chipset technology to mitigate the overheating effects mentioned above, although I don’t have any information if this is the case.

P.S. By setting the Power Plan in Windows 7 to High Performance, the CPU Core Parking is disabled. Only the Balanced (default) or the Power Saver plans have the Core Parking functionality enabled by default. The users with Windows 7 installed by the manufacturer may have custom power plans which need to be assessed individually. My references are only to the Microsoft power plans which are built in Windows. In Windows 10, the default Balanced Power Plan does not enable CPU Core Parking.

Unidentified Windows Update process

An interesting observation from Noel Carboni:

UPDATE Noel notes: It turns out ctldl.windowsupdate.com is a legitimate security check:

https://technet.microsoft.com/en-us/library/dn265983.aspx

Why Explorer did it is still a bit of a mystery, and it’s not from Classic Shell as it turns out I had the Classic Shell auto-update check already disabled on the Win 7 system.

Perhaps the expiration of a certificate invoked this behavior on all systems.

Another tiny piece in a very big puzzle…

In the past day I’ve observed my Windows 7, 8.1, and 10 systems all doing something uncommon:

My firewall blocked all these systems from communicating withctldl.windowsupdate.com.  Specifically, it’s Explorer.exe doing the trying.  Normally I do not see these different systems all do something similar like this at nearly the same time, and Explorer.exe only VERY rarely communicates online.  Curious, eh?

Know that I have everything set as manual as possible on all three of these systems.  Beyond the WU settings, I have Windows Update completely disabled and of course the firewall in place to block comms that are not explicitly allowed (and without reconfiguration, which I do when requesting updates, Windows Updates are not allowed).

Explorer itself is not normally in the habit of communicating online much at all, which makes these observations stand out.

These are excerpted from my DNS server logs, coincident in time with thewindowsupdate.com checks.  The other DNS resolutions for the Windows 7, 8.1, and 10 systems around the same times as the ctldl.windowsupdate.comchecks are listed in respective order.

DualServer20160419.log:[19-Apr-16 17:55:59] Client 192.168.2.44, crl.microsoft.com A resolved Locally to 23.14.84.171

DualServer20160419.log:[19-Apr-16 17:55:59] Client 192.168.2.44, ctldl.windowsupdate.com A resolved Locally to 96.16.98.112

DualServer20160419.log:[19-Apr-16 23:41:06] Client 192.168.2.32, crl.usertrust.com A resolved from Forwarding Server as 178.255.83.2

DualServer20160419.log:[19-Apr-16 23:41:07] Client 192.168.2.32, ctldl.windowsupdate.com A resolved Locally to 96.16.98.112

DualServer20160420.log:[20-Apr-16 08:31:49] Client 192.168.2.26, ctldl.windowsupdate.com A resolved Locally to 96.16.98.112

DualServer20160420.log:[20-Apr-16 08:31:49] Client 192.168.2.26, ocsp.startssl.com A resolved Locally to 23.14.84.171

DualServer20160420.log:[20-Apr-16 08:31:49] Client 192.168.2.26, www.classicshell.net A resolved from Forwarding Server as 184.168.173.1

I don’t think this is triggered by Classic Shell itself, which is installed on all three systems, since only one of the them actually checked classicshell.net, and it may just coincidence just because those were times the systems were logged-in.

I am imagining some kind of internal update process that’s occasionally kicked off inside Explorer itself.  I’ll be asking on the Classic Shell forum about this.

Microsoft releases 24 optional Windows patches

Here’s the overview Microsoft forgot to give us.

InfoWorld Woody on Windows

Surface Book, Surface Pro 4 firmware updates throw 800f0203 error, blue screens

The workaround doesn’t always work.

InfoWorld Woody on Windows

Anybody out there with a Surface Pro 3 and no Dock?

If so, do you see the new firmware updates?

I have an SP3, no dock, and I’m not seeing any firmware updates. It may be a timing issue – the updates are rolling out on a staggered basis – but it may be that only SP3 + Dock machines get the firmware patch.

Full report coming shortly in InfoWorld. There are problems – and I hit a couple of them.

Microsoft just released KB 3138378 and 3140245 for Windows 7

I have no idea what they do, they aren’t on the official Windows Update list, and there don’t appear to be KB articles for either.

They’re optional, unchecked, and I suggest you leave them that way.

Does the Malicious Software Removal Tool install itself automatically?

It looks like I’m wrong – and I’d appreciate your comments and observations. This from CH:

I see that you post a lot of replies saying that MSRT installs automatically regardless of the settings and the same about the Defender/MSE definitions.

While this may be the case about the definitions in most instances, although I am not so convinced that they still install with the service disabled and we agree that this is not the best practice, in the case of MSRT I think that this one comes as a regular update, even if it is just a scanner.

I still have to test if it installs automatically which I think it doesn’t (on Windows 7), but certainly comes as a separate patch which needs to be checked in the client before installing.

This discussion is in the context of any setting other than Automatically install updates obviously.

Although what I mentioned is primarily about Windows 7, I think the same applies to Windows 10 if the Group Policy is set to something else than the default Automatic.

Setting the Wireless connection to metered may behave differently though and maybe this is what makes you think that MSRT installs automatically.