-
Unidentified Windows Update process
An interesting observation from Noel Carboni:
UPDATE Noel notes: It turns out ctldl.windowsupdate.com is a legitimate security check:
https://technet.microsoft.com/en-us/library/dn265983.aspx
Why Explorer did it is still a bit of a mystery, and it’s not from Classic Shell as it turns out I had the Classic Shell auto-update check already disabled on the Win 7 system.
Perhaps the expiration of a certificate invoked this behavior on all systems.
Another tiny piece in a very big puzzle…
In the past day I’ve observed my Windows 7, 8.1, and 10 systems all doing something uncommon:
My firewall blocked all these systems from communicating with ctldl.windowsupdate.com. Specifically, it’s Explorer.exe doing the trying. Normally I do not see these different systems all do something similar like this at nearly the same time, and Explorer.exe only VERY rarely communicates online. Curious, eh?
Know that I have everything set as manual as possible on all three of these systems. Beyond the WU settings, I have Windows Update completely disabled and of course the firewall in place to block comms that are not explicitly allowed (and without reconfiguration, which I do when requesting updates, Windows Updates are not allowed).
Explorer itself is not normally in the habit of communicating online much at all, which makes these observations stand out.
These are excerpted from my DNS server logs, coincident in time with the windowsupdate.com checks. The other DNS resolutions for the Windows 7, 8.1, and 10 systems around the same times as the ctldl.windowsupdate.com checks are listed in respective order.
DualServer20160419.log:[19-Apr-16 17:55:59] Client 192.168.2.44, crl.microsoft.com A resolved Locally to 23.14.84.171
DualServer20160419.log:[19-Apr-16 17:55:59] Client 192.168.2.44, ctldl.windowsupdate.com A resolved Locally to 96.16.98.112
DualServer20160419.log:[19-Apr-16 23:41:06] Client 192.168.2.32, crl.usertrust.com A resolved from Forwarding Server as 178.255.83.2
DualServer20160419.log:[19-Apr-16 23:41:07] Client 192.168.2.32, ctldl.windowsupdate.com A resolved Locally to 96.16.98.112
DualServer20160420.log:[20-Apr-16 08:31:49] Client 192.168.2.26, ctldl.windowsupdate.com A resolved Locally to 96.16.98.112
DualServer20160420.log:[20-Apr-16 08:31:49] Client 192.168.2.26, ocsp.startssl.com A resolved Locally to 23.14.84.171
DualServer20160420.log:[20-Apr-16 08:31:49] Client 192.168.2.26, www.classicshell.net A resolved from Forwarding Server as 184.168.173.1
I don’t think this is triggered by Classic Shell itself, which is installed on all three systems, since only one of them actually checked classicshell.net, and it may just be coincidence just because those were times the systems were logged-in.
I am imagining some kind of internal update process that’s occasionally kicked off inside Explorer itself. I’ll be asking on the Classic Shell forum about this.
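As an added example (not part of the original post or of Noel's tooling), the Python sketch below parses the DualServer lines quoted above and reports, per client, which other hostnames were resolved within a few seconds of the ctldl.windowsupdate.com lookup. The 5-second window and the treatment of `crl.` and `ocsp.` hostnames as certificate revocation checks are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the excerpt above (DualServer format).
SAMPLE = """\
DualServer20160419.log:[19-Apr-16 17:55:59] Client 192.168.2.44, crl.microsoft.com A resolved Locally to 23.14.84.171
DualServer20160419.log:[19-Apr-16 17:55:59] Client 192.168.2.44, ctldl.windowsupdate.com A resolved Locally to 96.16.98.112
DualServer20160419.log:[19-Apr-16 23:41:06] Client 192.168.2.32, crl.usertrust.com A resolved from Forwarding Server as 178.255.83.2
DualServer20160419.log:[19-Apr-16 23:41:07] Client 192.168.2.32, ctldl.windowsupdate.com A resolved Locally to 96.16.98.112
DualServer20160420.log:[20-Apr-16 08:31:49] Client 192.168.2.26, ctldl.windowsupdate.com A resolved Locally to 96.16.98.112
DualServer20160420.log:[20-Apr-16 08:31:49] Client 192.168.2.26, ocsp.startssl.com A resolved Locally to 23.14.84.171
DualServer20160420.log:[20-Apr-16 08:31:49] Client 192.168.2.26, www.classicshell.net A resolved from Forwarding Server as 184.168.173.1
"""

LINE = re.compile(r"\[(?P<ts>[^\]]+)\] Client (?P<client>[\d.]+), (?P<name>\S+) A resolved")
CTL_HOST = "ctldl.windowsupdate.com"
# Assumption: hostnames starting with crl. or ocsp. are certificate revocation checks.
REVOCATION_PREFIXES = ("crl.", "ocsp.")

def parse(text):
    """Yield (timestamp, client, hostname) for each A-record resolution line."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%y %H:%M:%S")
            yield ts, m["client"], m["name"].lower()

def correlate(text, window=timedelta(seconds=5)):
    """Map (client, time of ctldl lookup) to that client's other lookups within `window`."""
    events = list(parse(text))
    result = {}
    for ts, client, name in events:
        if name != CTL_HOST:
            continue
        near = [n for t, c, n in events
                if c == client and n != CTL_HOST and abs(t - ts) <= window]
        result.setdefault((client, ts), []).extend(near)
    return result

def revocation_companions(text):
    """Per client: revocation-check hostnames resolved alongside the ctldl lookup."""
    out = defaultdict(set)
    for (client, _), names in correlate(text).items():
        out[client].update(n for n in names if n.startswith(REVOCATION_PREFIXES))
    return dict(out)
```

On the quoted lines, every client's ctldl lookup is accompanied by a CRL or OCSP lookup, while only one client also resolved www.classicshell.net.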
-
Microsoft releases 24 optional Windows patches
Here’s the overview Microsoft forgot to give us.
InfoWorld Woody on Windows
-
Surface Book, Surface Pro 4 firmware updates throw 800f0203 error, blue screens
The workaround doesn’t always work.
InfoWorld Woody on Windows
-
Anybody out there with a Surface Pro 3 and no Dock?
If so, do you see the new firmware updates?
I have an SP3, no dock, and I’m not seeing any firmware updates. It may be a timing issue – the updates are rolling out on a staggered basis – but it may be that only SP3 + Dock machines get the firmware patch.
Full report coming shortly in InfoWorld. There are problems – and I hit a couple of them.
-
Microsoft just released KB 3138378 and 3140245 for Windows 7
I have no idea what they do, they aren’t on the official Windows Update list, and there don’t appear to be KB articles for either.
They’re optional, unchecked, and I suggest you leave them that way.
-
Does the Malicious Software Removal Tool install itself automatically?
It looks like I’m wrong – and I’d appreciate your comments and observations. This from CH:
I see that you post a lot of replies saying that MSRT installs automatically regardless of the settings and the same about the Defender/MSE definitions.
While this may be the case about the definitions in most instances, although I am not so convinced that they still install with the service disabled and we agree that this is not the best practice, in the case of MSRT I think that this one comes as a regular update, even if it is just a scanner.
I still have to test if it installs automatically which I think it doesn’t (on Windows 7), but certainly comes as a separate patch which needs to be checked in the client before installing.
This discussion is in the context of any setting other than Automatically install updates obviously.
Although what I mentioned is primarily about Windows 7, I think the same applies to Windows 10 if the Group Policy is set to something else than the default Automatic.
Setting the Wireless connection to metered may behave differently though and maybe this is what makes you think that MSRT installs automatically.
-
Yet another reason for showing filename extensions
I take flak, from time to time, from well-intentioned folks who say my insistence on having Windows show filename extensions is archaic.
Take a look at this report from Microsoft that describes several Trojans and how they’re dropped in spam emails.
If the person who created the screenshots had filename extensions turned off, the telltale “.js” wouldn’t appear in the listings of zipped files.
-
live.com and outlook.com refuse to show attachments
Interesting email from WC:
Lots of users having an issue with opening attachments on live.com and outlook.com. See if you can find out what’s going on.
The only way to view the attachment is to forward it to another account.
I have a problem when opening an attached file from live.com. it says ‘Access Denied.’ When I forward and then open these emails in my gmail account – there is no issue with downloading the attachments. Today I have been unable to download or view attachments to emails. Things were working fine until now.
With Chrome, I am redirected to an ‘Access id denied’ page and on Edge I get a ‘HTTP 500 error. That’s odd… Microsoft Edge can’t find this page. ‘This page can’t be displayed, because this site’s server might be under maintenance or there could be a programming error.’
Can anybody else confirm or – more importantly – figure out a fix?