Radia - General Discussions

 
 
Jim Longo
Microsoft releases out-of-band security update to fix IE zero-day & Defender bug
Microsoft released out-of-band security patches that are not yet available in the wsusscn2.cab file. If you require an XML descriptor file to install the security patches, please open a case with the IE version if applicable, OS and Architecture. For example, IE 11, Win7, Win8.1, Win10 (1607 LTSB, 1709, 1803, 1809, 1903) x86/x64.

 

https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/

Microsoft has released an emergency out-of-band security update today to fix two critical security issues -- a zero-day vulnerability in the Internet Explorer scripting engine that has been exploited in the wild, and a Microsoft Defender bug.

The updates stand out because Microsoft usually likes to stay the course and only release security updates on the second Tuesday of every month. The company rarely breaks this pattern, and it's usually only for very important security issues.

This is one of those rare occasions, and Windows users are advised to install today's updates as soon as possible. The patch for the IE zero-day is a manual update, while the Defender bug will be patched via a silent update.

THE IE ZERO-DAY

Of the two bugs, the Internet Explorer zero-day is the most important one, primarily because it's already been exploited in active attacks in the wild.

Details about the attacks are still shrouded in mystery, and Microsoft rarely releases such details. What we know is that the attacks and the zero-day have been reported to Microsoft by Clément Lecigne, a member of Google's Threat Analysis Group.

This is the same Google threat intel team that has detected the attacks with iOS zero-days against members of the Chinese Uyghur community earlier this year. Those attacks also targeted Android and Windows users; however, it is unclear if the IE zero-day patched today is part of those attacks.

But what we know now is that IE zero-day is a very serious vulnerability. It is what researchers call a remote code execution (RCE) issue.

 

According to Microsoft, "the vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user."

"An attacker who successfully exploited the vulnerability could gain the same user rights as the current user," Microsoft said. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

The attack requires luring an Internet Explorer user on a malicious website, which is a rather trivial task, as it can be achieved by various methods such as spam email, IM spam, search engine ads, malvertising campaigns, and others.

The good news is that Internet Explorer usage has gone down to 1.97% market share, according to StatCounter, meaning the number of users vulnerable to attacks is rather small, and attacks should be pretty limited in scope.

The IE zero-day is tracked with the CVE-2019-1367 identifier. In a security advisory, Microsoft lists various workarounds for protecting systems if today's update can't be applied right away. The security advisory also contains links to the manual update packages, which Windows users will need to download from the Microsoft Update Catalog and run on their systems by hand. The patch for the IE zero-day won't be available via Windows Update.

MICROSOFT DEFENDER DOS BUG

The second issue fixed today is a denial of service (DoS) vulnerability in Microsoft Defender, formerly known as Windows Defender, the standard antivirus that ships with Windows 8 and later versions, including the widespread Windows 10 release.

According to Microsoft, "an attacker could exploit the vulnerability to prevent legitimate accounts from executing legitimate system binaries."

The good news is that this bug isn't such a big issue. To exploit this bug, an attacker would first need access to a victim's system and the ability to execute code.

The bug allows a threat actor to disable Microsoft Defender components from executing, but if the attacker already has "execution rights" on a victim's computer, then there are many other ways to run malicious code undetected -- such as fileless attacks.

Nevertheless, Microsoft has released update v1.1.16400.2 to the Microsoft Malware Protection Engine, a component of the Microsoft Defender antivirus, to fix this issue.

This bug is tracked as CVE-2019-1255. Microsoft credited Charalampos Billinis of F-Secure Countercept and Wenxu Wu of Tencent Security Xuanwu Lab with discovering this issue.

0 0
Jim Longo
How to stop automatic updates on Windows 10 Pro

On Windows 10 Pro, use the Local Group Policy editor or the Registry to disable automatic updates permanently. While automatic updates remain disabled, you can still download and install patches using Radia Patch Manager. Once you complete the steps, Windows 10 Pro will stop downloading updates from Microsoft automatically.


Disabling updates using gpedit.msc


To permanently disable automatic updates on Windows 10, use these steps:


1. Open Start.
2. Search for gpedit.msc and select the top result to launch the experience.
3. Navigate to the following path:
Computer Configuration\Administrative Templates\Windows Components\Windows Update
4. Double-click the Configure Automatic Updates policy on the right side.
5. Check the Disabled option to turn off the policy.
6. Click the Apply button.
7. Click the OK button.
8. Open a command prompt as administrator and run the following command.

gpupdate /force

 
Disabling updates via the Registry

 

If you're running Windows 10 Pro, you can also disable automatic updates using the Registry.


Warning: This is a friendly reminder that editing the Registry is risky, and it can cause irreversible damage to your installation if you don't do it correctly. It's recommended to make a full backup of your PC before proceeding.


To permanently disable Windows Update using the Registry, use these steps:

 

1. Open Start.
2. Search for regedit and select the top result to launch the experience.
3. Navigate to the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
4. Right-click the Windows (folder) key, select New, and then click on Key.
5. Name the new key WindowsUpdate and press Enter.
6. Right click the newly created key, select New, and click on Key.
7. Name the new key AU and press Enter.
8. Right click on the right side, select New, and click on DWORD (32-bit) Value. Set the value to 1. 
9. Name the new key NoAutoUpdate and press Enter. Double-click the newly created key and change its value from 0 to 1.
10. Restart the system.

0 0
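The registry steps in the post above, scripted in PowerShell. This is an added example, not part of the original post; the backup file name and the function names are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the registry steps (not from the original post).

$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Get-NoAutoUpdate {
    # Returns the NoAutoUpdate value, or $null when the key or the value is absent.
    if (-not (Test-Path -Path $auKey)) { return $null }
    $props = Get-ItemProperty -Path $auKey -Name 'NoAutoUpdate' -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.NoAutoUpdate
}

function Backup-PolicyKey {
    param([string]$Destination)
    # Export the policy branch before changing it. This is a small safeguard on top of
    # the full backup the post recommends, not a replacement for it.
    & reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\Windows' $Destination /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
}

function Set-NoAutoUpdate {
    # Steps 4-7: create WindowsUpdate\AU only when it is missing. New-Item -Force on an
    # existing key can replace it and drop its values, hence the Test-Path guard.
    if (-not (Test-Path -Path $auKey)) {
        New-Item -Path $auKey -Force | Out-Null
    }
    # Steps 8-9: NoAutoUpdate as a DWORD (32-bit) value set to 1.
    New-ItemProperty -Path $auKey -Name 'NoAutoUpdate' -PropertyType DWord -Value 1 -Force |
        Out-Null
}

if ((Get-NoAutoUpdate) -eq 1) {
    'NoAutoUpdate is already 1; nothing to change.'
}
else {
    # Hypothetical backup location; pick a path that suits your environment.
    $backup = Join-Path $env:TEMP 'WindowsPolicies-backup.reg'
    Backup-PolicyKey -Destination $backup
    Set-NoAutoUpdate
    if ((Get-NoAutoUpdate) -ne 1) { throw 'NoAutoUpdate was not set to 1.' }
    "NoAutoUpdate set to 1 (backup: $backup). Restart the system (step 10)."
}
```

Running `Get-NoAutoUpdate` on its own is a read-only way to audit which machines already carry the policy.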
Jim Longo
Radia Patch Manager and Windows 10 Legacy Security Patching vs. new Cumulative model

Windows 10 (1809, 1903 +) Smaller Cumulative Update model

With the introduction of Windows 10 1809, Delta and Express patching has been discontinued leaving only a small Cumulative update. The new format will limit the size of the Cumulative update to around 300MB each month. 

 

The June Cumulative update for 1809 is only 238.0 MB and should max out at around 300 MB per month.

According to Microsoft:

Starting with 1809 for both client and server – Express will no longer be an option, as we are shifting to the PSFX model which has a lower overhead and results in greater efficiencies in updates. Please find the below blog for your reference.

https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-next-for-Windows-10-and-Windows-Server-quality-updates/ba-p/229461

 

Windows 10 Legacy OS (1607-1803) Express Updates, Cumulative Updates (Express support will end with Windows 10 1803)

With the introduction of Windows 10 Microsoft changed the security patch model by bundling all security patches into a single Cumulative update.  The Cumulative update includes all previous patches. As the Windows 10 Legacy OS ages the Cumulative update grows each month. 

 

The June 2019 Cumulative updates for Windows 10 1607 and 1803 and Windows Server 2016:

 

  • 2019-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4503267)

               Size: 1414.1 MB

 

  • 2019-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4503286)

               Size: 893.2 MB

 

Microsoft offered a Delta update that included only the difference from the previous month but required the system to be up to date to receive the Delta updates. The size of the Delta updates was usually about 30-40% of the Cumulative update. (Delta updates were discontinued in April 2019).  

Express updates (support will end with Windows 10 1803)

Express updates deliver only the Delta bits needed to bring the system into compliance and require a WSUS Server to determine the Delta bits needed by each end-point. (As of this writing, Express update support will end with Windows 10 1803/Windows Server 2016 and will be replaced with a new Cumulative update format that will restrict the size of the update to 200-300MB per month.)

While Express updates deliver a smaller payload to the end-point similar in size to the previous Delta updates, Express updates increase disk space usage significantly on the infrastructure to accommodate very large Express file bundles. Enabling Express updates may result in longer Radia patch connect times and increased resource usage on the end-points. The WSUS Server and end-point Windows Update configuration add a layer of complexity outside of Radia as well.

 

  • The June 2019 Express update bundle for Windows 10 1607 is 8.62GB
  • The June 2019 Express update bundle for Windows 10 1803 is 5.4GB

 

Using Radia Download Manager to distribute security patches in the background

For customers who do not want to enable Express updates for a limited time, the Download Manager feature will help minimize the impact of the growing Cumulative updates for legacy Windows 10 OS.  

Enable Download Manager to transfer the files required to apply patches onto the managed devices in the background, outside of the usual Agent connect process. This option allows for bandwidth throttling and an automatic stop and start of the download until it completes.

 

If you would like more information on Windows 10 Security patching please open a case with support and we will schedule a call to discuss Windows 10 security patching in more detail. 

 

 

0 0
Jim Longo
Radia Patch Manager/Download Manager Options (background transfer of patch binaries)

 Radia Patch Manager can transfer patch binaries outside the normal patch connect by enabling the Download Manager option in Agent Options. This is advantageous when transferring large binaries like Windows 10 cumulative updates that may take a long time to transfer on slow networks. While the files are downloading in the background the end-point can continue to be managed by the Radia agent. Once the download of the patch binary is complete the patch can be applied or deferred until the next patch connect.

Download Manager can be used without the metadata only option. When using metadata only, the download manager is automatically enabled. 

Review the Radia Admin guide for more details regarding Download Manager. 

Patch Agents can be patched with or without the use of the Download Manager option. Without it, the Agent connect handles the download of the required patch files in a foreground process. In contrast, the Download Manager uses a background process to handle the passive download of the required patch files onto the Agent.

Download Manager runs independently and downloads the binaries. If the user turns off the machine or is disconnected from the network during the download, on reboot, the timer ensures that the Download Manager resumes downloading the binary from the point where it stopped. If Apply patches after download completion is set to Yes, Download Manager automatically triggers a new Patch Agent Connect.

Enable Download Manager to transfer the files required to apply patches onto the managed devices in the background, outside of the usual Agent connect process. This option allows for bandwidth throttling and an automatic stop and start of the download until it completes.

0 0
Jim Longo
Windows 7/10 monthly rollups/cumulative updates are being marked (superseded=Y) after 2 months

Windows 7 monthly rollups and Windows 10 cumulative updates are being marked (superseded=Y) after the previous month's update (P+1) during the acquisition when (Mark Supersedence for all the bulletins) is set to yes in the acquisition job. Only the current and previous month Windows 7/10 monthly rollups/cumulative updates can be managed when mark supersedence for all bulletins is set to yes in the acquisition job. It is best practice to install the latest updates.

 It is possible to download and manage superseded bulletins by setting the (Download Superseded Patches for all the bulletins) to yes in the acquire job but this will install outdated patches that will not have the latest updates. This option should only be used if there is a problem with the current and previous updates that prohibit them from being distributed. 

 

Windows 7 

 

Current rollup:

Title="2019-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4503292)" 

 

Previous rollup:

Title="2019-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4499164)"  QNumber="4499164"  Superceded="N"

 

Previous +1

Title="2019-04 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4493472)"  QNumber="4493472"  Superceded="Y" SupercededByBulletin="MS-KB4499164" 

 

 

Windows 1803

 

Current cumulative:

Title="2019-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4503286)" 

 

Previous cumulative:

Title="2019-05 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4499167)"  QNumber="4499167" Superceded="N"

 

Previous +1

Title="2019-04 Cumulative Update for Windows 10 Version 1803 for ARM64-based Systems (KB4493464)"  QNumber="4493464"   Superceded="Y" SupercededByBulletin="MS-KB4499167"

 

 

Windows 10 1809

 

Current cumulative:

Title="2019-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4503327)" 

 

Previous cumulative:

Title="2019-05 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4494441)"  QNumber="4494441"  Superceded="N"

 

Previous +1

Title="2019-04 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4493509)"  QNumber="4493509"  Superceded="Y" SupercededByBulletin="MS-KB4494441"

 

0 0
Jim Longo
KB4500331 / WinXP and Win2K3 critical security patch released by Microsoft

In May 2019, Microsoft released 4500331, a critical security patch for "remote code execution vulnerability" on WinXP and Win2K3 systems.

 

Windows 7 is also vulnerable and should be patched using the May Windows 7 Security Only(4499175) or Monthly Rollup(4499164). 

 

Radia Patch Manager can manage KB4500331 on WinXP and Win2K3 using a custom XML file that is available upon request. Open a case with Accelerite support and request a copy of the MSC-KB4500331 custom XML file.

 

https://support.microsoft.com/en-us/help/4500331/windows-update-kb4500331

Description of the security update for the remote code execution vulnerability in Windows XP SP3, Windows Server 2003 SP2, Windows Server 2003 SP2 R2, Windows XP Professional x64 Edition SP2, Windows XP Embedded SP3, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009

 

Here is a Computerworld article on the subject:

https://www.computerworld.com/article/3395538/if-youre-running-windows-xp-7-or-associated-servers-patch-them.html

 

 

 

 

0 0
Nathan Truitt
Remote device OS deployment

Looking for ideas on how to recover remote devices from a major event requiring OS rebuilds. These devices are scattered throughout the U.S. and Canada on slower links in offices containing two to eight workstations. Our 10.0 CP1 Core\Satellite servers are centralized in three geographic locations. Ideally we would like to pull the winpe.wim, image.wim and package files from a device local to the office. There is currently only a single partition on each Windows 7 device. The Windows 10 devices were built with a single partition but when Bitlocker is enabled the required second partition is created. Thanks for the input.

1 0
Jim Longo
Acquiring .NET Patches using Radia

When acquiring the .NET security updates there is a top-level KB number that includes the .NET sub products.

As an example, for 2-2019, the .NET top-level bulletin is KB4487078, which includes the 3 .NET sub products/KB numbers (KB4483451, KB4483455, KB4483458). The 3 sub KB numbers are included under the top-level KB number.

An acquisition for MS-KB4487078 will acquire all 3 sub kb numbers/patches (KB4483451, KB4483455, KB4483458) under a single bulletin MS-KB4487078.

 

See the KB article below for more details.

https://support.microsoft.com/en-us/help/4487078/security-and-quality-rollup-updates-for-net-framework-3-5-1-to-4-7-2

 

Security and Quality Rollup updates for .NET Framework 4.7.2, 4.7.1, 4.7, 4.6.2, 4.6.1, 4.6, 4.5.2, and 3.5.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4487078)


4483451 Description of the Security and Quality Rollup for .NET Framework 4.7.2, 4.7.1, 4.7, 4.6.2, 4.6.1, and 4.6 for Windows 7 SP1 and Server 2008 R2 SP1 and for .NET Framework 4.6 for Server 2008 SP2 (KB4483451)

4483455 Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 SP1, Server 2008 R2 SP1, and Server 2008 SP2 (KB4483455)

4483458 Description of the Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4483458)

 

To determine the top-level KB number for .NET, visit a .NET KB article on the web for any of the .NET products and find the additional information section. The Security Update Summary page lists all security patches released by Microsoft.

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

 

Using KB4483451 as an example we can identify the top-level kb number as 4487078.

 

https://support.microsoft.com/en-us/help/4483451/description-security-and-quality-rollup-for-net-framework-4-6-to-4-7-2

 

Additional information about this update


For more information about this update as it relates to Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1, see the following article in the Microsoft Knowledge Base:


4487078 Security and Quality Rollup updates for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4487078)

 

0 0
Jim Longo
How to retire bulletins from the CSDB editor in Production using RadDButil and Perform a Patch DB Synchronization

NOTE: Before retiring bulletins from the CSDB editor it is very important to un-entitle the bulletins from Radia Policy first. If bulletins are retired before removing them from policy the result will be a 650 error during the Radia agent connect.

 

There are 2 ways to remove old bulletins from the CSDB editor.

 

1.> Use the Console and add the bulletins to the retire section and run an acquisition. During the next acquisition the bulletins listed in the retire section are removed from the CSDB editor. This method may not be available in Production if the acquisitions are not executed in Production. If acquisitions are not executed in Production, follow the steps in item #2 below.

 

 

2.>   If acquisitions are not executed in production use the RadDButil command line to remove old bulletins from the CSDB editor. The following example will remove MS-KB4462214 from the CSDB editor. The raddbutil.exe is in the ConfigurationServer/bin folder.

 

Copy this syntax into Notepad and create a batch file named radDButil_Patch_Delete.bat in the ConfigurationServer/bin folder so it can be reused when needed. Change the bulletin ID to the bulletin ID that will be retired.

 

raddbutil.exe delete -walk 1 -ignore PRIMARY.SYSTEM.PROCESS.*+PRIMARY.SYSTEM.ZMETHOD.*+PRIMARY.PATCHMGR.CMETHOD.*+PRIMARY.PATCHMGR.METADATA.*+PRIMARY.PATCHMGR.OPTIONS.*+PRIMARY.PATCHMGR.PATCHARG.*+PRIMARY.PATCHMGR.PRODUCT.*+PRIMARY.PATCHMGR.RELEASE.*+PRIMARY.PATCHMGR.SP.*+PRIMARY.PATCHMGR.PG2PR.*+PRIMARY.PATCHMGR.PROGROUP.* -preview 0 PRIMARY.PATCHMGR.ZSERVICE.MS-KB4462214(SYNC)

  

When using RadDButil to remove old bulletins it may be necessary to Perform a DB Synchronization from the console to remove the bulletins from the Patch ODBC database and reporting.

 

 

0 0
Jim Longo
How to manage 3rd party software (Notepad++) with Patch Manager using a custom XML file.

Applicable to Win7, Win8.1, Win10

 

Custom XML files can be used to manage many 3rd party updates via Radia Patch Manager. Below is an example of using a custom XML file to manage Notepad++. This concept can be expanded to include many 3rd party software updates.

 

In the following example, Notepad++ will be installed if it does not exist and updated if it exists. This desired state can be changed depending on customer needs. For instance, we can change the desired state to only update Notepad++ if it exists and ignore if it does not exist.

 

Radia Service Name

NOTEPAD-PP-7-6-4

 

Steps:

1.> Copy the NOTEPAD-PP-7-6-4.xml into the PSL\RCA\Data\PatchManager\patch\custom folder.


2.> Acquire NOTEPAD-PP-7-6-4 using the following technote.

 

https://support.accelerite.com/hc/en-us/community/posts/360030207912-How-to-create-an-acquisition-job-without-updating-the-wsusscn2-cab-file

 

3.> Assign NOTEPAD-PP-7-6-4 in policy to install or update Notepad++ to 7.6.4 using Radia Patch Manager.

 

Copy the following code into a text file and rename the file to NOTEPAD-PP-7-6-4.xml

 

<Bulletin PopularitySeverityID="0" Rollback="N" Type="Security" URL="https://notepad-plus-plus.org" FAQURL="https://notepad-plus-plus.org" MitigationSeverityID="0" Vendor="MICROSOFT" Supported="Yes" ImpactSeverityID="0" SchemaVersion="1.0" PreReqSeverityID="0" CVEName="" DateRevised="20190309" Source="custom" Name="NOTEPAD-PP-7-6-4" Title="NOTEPAD++ 6.9.1" DatePosted="20190309" Platform="winnt">
 <Products>
<Product Name="Windows 7 (MU)" FixedInRelease="0" Tag="bfe5b177-a086-47a0-b102-097e4fa1f807">
            <Releases>
                <Release Name="Windows 7 (MU)" Tag="bfe5b177-a086-47a0-b102-097e4fa1f807">
                    <Patch Rollback="N" VerifyCmdline="" PatchURL="https://notepad-plus-plus.org/repository/7.x/7.6.4/npp.7.6.4.Installer.exe" Architecture="x86" Reboot="N" InstallCmdline="/S" Language="en" MSSUSName="" SupercededByBulletin="" SupercededByMSPatch="" OSVersion="" PatchFileName="" ObjectType="winnt.patch" ProbeCmdline="" Superceded="" Platform="winnt" UninstallCmdline="" QNumber="7640000" >
                        <PatchSignature>
<FileChg Name="notepad++.exe" CRC32="" Gmttime="" Path="C:\Program Files\Notepad++" Size="" Checksum="" Gmtdate="" Version="7.6.4.0" DesiredState="!E=8,EQ=0,GT=0,LT=8" ReportThreshold="1" Use="VERSION" />
                        </PatchSignature>
                    </Patch>
                    <Patch Rollback="N" VerifyCmdline="" PatchURL="https://notepad-plus-plus.org/repository/7.x/7.6.4/npp.7.6.4.Installer.x64.exe" Architecture="amd64" Reboot="N" InstallCmdline="/S" Language="en" MSSUSName="" SupercededByBulletin="" SupercededByMSPatch="" OSVersion="" PatchFileName="" ObjectType="winnt.patch" ProbeCmdline="" Superceded="" Platform="winnt" UninstallCmdline="" QNumber="7640000" >
                        <PatchSignature>
<FileChg Name="notepad++.exe" CRC32="" Gmttime="" Path="C:\Program Files\Notepad++" Size="" Checksum="" Gmtdate="" Version="7.6.4.0" DesiredState="!E=8,EQ=0,GT=0,LT=8" ReportThreshold="1" Use="VERSION" />
                        </PatchSignature>
                    </Patch>
                </Release>
            </Releases>
        </Product>
  <Product Name="Windows 8.1(MU)" FixedInRelease="0" Tag="6407468e-edc7-4ecd-8c32-521f64cee65e">
            <Releases>
                <Release Name="Windows 8.1(MU)" Tag="6407468e-edc7-4ecd-8c32-521f64cee65e">
                    <Patch Rollback="N" VerifyCmdline="" PatchURL="https://notepad-plus-plus.org/repository/7.x/7.6.4/npp.7.6.4.Installer.exe" Architecture="x86" Reboot="N" InstallCmdline="/S" Language="en" MSSUSName="" SupercededByBulletin="" SupercededByMSPatch="" OSVersion="" PatchFileName="" ObjectType="winnt.patch" ProbeCmdline="" Superceded="" Platform="winnt" UninstallCmdline="" QNumber="7640000" >
                        <PatchSignature>
<FileChg Name="notepad++.exe" CRC32="" Gmttime="" Path="C:\Program Files\Notepad++" Size="" Checksum="" Gmtdate="" Version="7.6.4.0" DesiredState="!E=8,EQ=0,GT=0,LT=8" ReportThreshold="1" Use="VERSION" />
                        </PatchSignature>
                    </Patch>
                    <Patch Rollback="N" VerifyCmdline="" PatchURL="https://notepad-plus-plus.org/repository/7.x/7.6.4/npp.7.6.4.Installer.x64.exe" Architecture="amd64" Reboot="N" InstallCmdline="/S" Language="en" MSSUSName="" SupercededByBulletin="" SupercededByMSPatch="" OSVersion="" PatchFileName="" ObjectType="winnt.patch" ProbeCmdline="" Superceded="" Platform="winnt" UninstallCmdline="" QNumber="7640000" >
                        <PatchSignature>
<FileChg Name="notepad++.exe" CRC32="" Gmttime="" Path="C:\Program Files\Notepad++" Size="" Checksum="" Gmtdate="" Version="7.6.4.0" DesiredState="!E=8,EQ=0,GT=0,LT=8" ReportThreshold="1" Use="VERSION" />
                        </PatchSignature>
                    </Patch>
                </Release>
            </Releases>
        </Product>
<Product Name="Windows 10 (MU)" FixedInRelease="0" Tag="A3C2375D-0C8A-42F9-BCE0-28333E198407">
            <Releases>
                <Release Name="Windows 10 (MU)" Tag="A3C2375D-0C8A-42F9-BCE0-28333E198407">
                    <Patch Rollback="N" VerifyCmdline="" PatchURL="https://notepad-plus-plus.org/repository/7.x/7.6.4/npp.7.6.4.Installer.exe" Architecture="x86" Reboot="N" InstallCmdline="/S" Language="en" MSSUSName="" SupercededByBulletin="" SupercededByMSPatch="" OSVersion="" PatchFileName="" ObjectType="winnt.patch" ProbeCmdline="" Superceded="" Platform="winnt" UninstallCmdline="" QNumber="7640000" >
                        <PatchSignature>
<FileChg Name="notepad++.exe" CRC32="" Gmttime="" Path="C:\Program Files\Notepad++" Size="" Checksum="" Gmtdate="" Version="7.6.4.0" DesiredState="!E=8,EQ=0,GT=0,LT=8" ReportThreshold="1" Use="VERSION" />
                        </PatchSignature>
                    </Patch>
                    <Patch Rollback="N" VerifyCmdline="" PatchURL="https://notepad-plus-plus.org/repository/7.x/7.6.4/npp.7.6.4.Installer.x64.exe" Architecture="amd64" Reboot="N" InstallCmdline="/S" Language="en" MSSUSName="" SupercededByBulletin="" SupercededByMSPatch="" OSVersion="" PatchFileName="" ObjectType="winnt.patch" ProbeCmdline="" Superceded="" Platform="winnt" UninstallCmdline="" QNumber="7640000" >
                        <PatchSignature>
<FileChg Name="notepad++.exe" CRC32="" Gmttime="" Path="C:\Program Files\Notepad++" Size="" Checksum="" Gmtdate="" Version="7.6.4.0" DesiredState="!E=8,EQ=0,GT=0,LT=8" ReportThreshold="1" Use="VERSION" />
                        </PatchSignature>
                    </Patch>
                </Release>
            </Releases>
        </Product>
  </Products>
</Bulletin>

0 0
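A pre-flight check for a custom descriptor before it is copied into the custom folder, as an added PowerShell example that is not part of the original post or of Radia. It only compares values inside the file against each other (version in the bulletin Name, Title, PatchURL and FileChg Version, plus the four DesiredState conditions seen in the post); the function names and the choice of checks are assumptions, and the sample is the post's descriptor reduced to one Patch with its Title kept as posted.

```powershell
# Constructed sample: the descriptor above reduced to one Product and one Patch,
# keeping only the attributes this check reads.
$sampleDescriptor = @'
<Bulletin Source="custom" Name="NOTEPAD-PP-7-6-4" Title="NOTEPAD++ 6.9.1" Platform="winnt">
  <Products>
    <Product Name="Windows 10 (MU)" FixedInRelease="0" Tag="A3C2375D-0C8A-42F9-BCE0-28333E198407">
      <Releases>
        <Release Name="Windows 10 (MU)" Tag="A3C2375D-0C8A-42F9-BCE0-28333E198407">
          <Patch PatchURL="https://notepad-plus-plus.org/repository/7.x/7.6.4/npp.7.6.4.Installer.x64.exe" Architecture="amd64" InstallCmdline="/S" QNumber="7640000">
            <PatchSignature>
              <FileChg Name="notepad++.exe" Path="C:\Program Files\Notepad++" Version="7.6.4.0" DesiredState="!E=8,EQ=0,GT=0,LT=8" Use="VERSION" />
            </PatchSignature>
          </Patch>
        </Release>
      </Releases>
    </Product>
  </Products>
</Bulletin>
'@

function ConvertFrom-DesiredState {
    param([string]$Text)
    # "!E=8,EQ=0,GT=0,LT=8" -> ordered map of condition name to numeric code.
    $map = [ordered]@{}
    foreach ($pair in ($Text -split ',')) {
        $key, $value = $pair -split '=', 2
        if ($null -eq $value) { throw "DesiredState entry '$pair' has no '='" }
        $map[$key.Trim()] = [int]$value
    }
    return $map
}

function Test-CustomDescriptor {
    param([string]$XmlText)
    $findings = New-Object System.Collections.Generic.List[string]
    $doc = [xml]$XmlText                      # throws if the text is not well-formed XML
    $bulletin = $doc.DocumentElement
    $name  = $bulletin.GetAttribute('Name')
    $title = $bulletin.GetAttribute('Title')

    # Version encoded in the bulletin name: NOTEPAD-PP-7-6-4 -> 7.6.4
    if ($name -notmatch '(\d+(?:-\d+)+)$') {
        $findings.Add("Bulletin Name '$name' does not end in a dashed version")
        return $findings
    }
    $version = $Matches[1] -replace '-', '.'
    $versionPattern = [regex]::Escape($version)

    if ($title -notmatch $versionPattern) {
        $findings.Add("Title '$title' does not mention version $version from Name '$name'")
    }

    foreach ($patch in $doc.SelectNodes('//Patch')) {
        $arch = $patch.GetAttribute('Architecture')
        $url = $null
        $rawUrl = $patch.GetAttribute('PatchURL')
        if (-not [uri]::TryCreate($rawUrl, [System.UriKind]::Absolute, [ref]$url)) {
            $findings.Add("[$arch] PatchURL '$rawUrl' is not an absolute URL")
            continue
        }
        if ($url.Scheme -ne 'https') {
            $findings.Add("[$arch] PatchURL uses '$($url.Scheme)' instead of https")
        }
        if ($url.AbsolutePath -notmatch $versionPattern) {
            $findings.Add("[$arch] PatchURL does not point at version $version")
        }
        foreach ($file in $patch.SelectNodes('PatchSignature/FileChg')) {
            $fileVersion = $file.GetAttribute('Version')
            if (-not $fileVersion.StartsWith("$version.")) {
                $findings.Add("[$arch] FileChg Version '$fileVersion' does not match $version")
            }
            $state = ConvertFrom-DesiredState $file.GetAttribute('DesiredState')
            foreach ($condition in '!E', 'EQ', 'GT', 'LT') {
                if (-not $state.Contains($condition)) {
                    $findings.Add("[$arch] DesiredState is missing condition '$condition'")
                }
            }
        }
    }
    return $findings
}

$findings = @(Test-CustomDescriptor -XmlText $sampleDescriptor)
if ($findings.Count -eq 0) { 'Descriptor passed all checks.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

To check a real file, pass its contents with `Test-CustomDescriptor -XmlText (Get-Content -Raw <path to the .xml>)`.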
Jim Longo
Silverlight 5.1.41212.0 breaks WUA on Windows 10 / Windows 10 WUA troubleshooting

I recently worked on a case where the WUA agent was not working on newly imaged Windows 10 systems after patch Tuesday February 2019.

It was determined that an old version of Silverlight was the root cause of the problem and the resolution was to install a newer version of Silverlight.

 

Problem:
Silverlight 5.1.41212.0 breaks the WUA agent on newly imaged Windows 10 systems after patch Tuesday February 2019.

 

Resolution:
Installing Silverlight 5.1.50915.0 resolves the issue.

 

NOTE: If manually updating Silverlight to 5.1.50915 resolves the problem and you want to automate the Silverlight update via Radia Patch Manager, open a case requesting the custom XML file MSC-KB4023307. This is currently available for Win7, Win8.1, and Win10 systems. If you require additional OSes, please add them to the case when opening the request.

 

Error in the patch connect log:
20190218 09:59:46 Info: Current version of WUA is 10.0.14393.2097
20190218 09:59:46 Info: Current version of MSI is 5.0.14393.0
20190218 09:59:46 Info: WUA Scan file is C:\PROGRA~2\PSL\RCA\Agent\Lib\WUA\wsusscn2.cab
20190218 09:59:46 Info: WUA Catalog Size : 537695760 bytes & Date/Time : Tue Feb 12 2:42:16 AM Eastern Standard Time 2019
20190218 09:59:58 Info: Registering Service 99b5bd9a-87e0-4cc6-9887-715a7e903cec
20190218 10:07:11 Error: The system cannot find the file specified.
while executing
"com::Invoke $updateSearcher Search [list VT_BSTR Type='Software']"
20190218 10:07:11 Error: Error in WUA scan : The system cannot find the file specified.
20190218 10:07:11 Error: WUA Scan failed with The system cannot find the file specified., please ensure c:\Windows\SoftwareDistribution is being excluded from virus scans
20190218 10:07:11 Error: No scan result found
while executing
"error "No scan result found""
(procedure "run_scan" line 139)
invoked from within
"run_scan"
(procedure "load_scan_results" line 21)
invoked from within
"load_scan_results"
20190218 10:07:11 Error: Error in WUA scan : No scan result found

 

 

Troubleshooting WUA on Windows 10:

 

Run PowerShell offline scan to check WUA (Scan-UpdatesOffline.ps1)

https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be

 

Copy the wsusscn2.cab file into c:/temp or change the .ps1 path to wsusscn2.cab.

If successful the output should look like this:

 

Run PowerShell to convert WindowsUpdate data to readable format 

 

Get-WindowsUpdateLog

 

Output is sent to the desktop and should look like the following:

 

2019/02/23 07:05:54.1338811 11096 132176 Agent           Added update 79E70BC9-237E-4486-9AC8-DD8A85880A4E.200 to search result

2019/02/23 07:05:54.1339173 11096 132176 Agent           Found 7 updates and 97 categories in search; evaluated appl. rules of 1732 out of 2703 deployed entities

 

 

The following shows the WindowsUpdateLog output of a corrupt WUA agent

 

1600/12/31 19:00:00.0000000 704   1356                  Unknown( 14): GUID=fa8efdd1-a34b-3ee9-325f-d42a4a03e8df (No Format Information found).

1600/12/31 19:00:00.0000000 704   1356                  Unknown( 15): GUID=fa8efdd1-a34b-3ee9-325f-d42a4a03e8df (No Format Information found).

1600/12/31 19:00:00.0000000 704   1356                  Unknown( 16): GUID=fa8efdd1-a34b-3ee9-325f-d42a4a03e8df (No Format Information found).

0 0
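A triage function for the converted WindowsUpdate.log, as an added PowerShell example that is not part of the original post. It counts the "No Format Information found" lines the post shows for a corrupt WUA agent against normally decoded lines and picks out the last "Found N updates" search summary; the function name, the status labels and the majority threshold are assumptions.

```powershell
# Constructed sample: lines copied from the two WindowsUpdate.log excerpts in the post.
$healthyLog = @(
    '2019/02/23 07:05:54.1338811 11096 132176 Agent           Added update 79E70BC9-237E-4486-9AC8-DD8A85880A4E.200 to search result'
    '2019/02/23 07:05:54.1339173 11096 132176 Agent           Found 7 updates and 97 categories in search; evaluated appl. rules of 1732 out of 2703 deployed entities'
)
$corruptLog = @(
    '1600/12/31 19:00:00.0000000 704   1356                  Unknown( 14): GUID=fa8efdd1-a34b-3ee9-325f-d42a4a03e8df (No Format Information found).'
    '1600/12/31 19:00:00.0000000 704   1356                  Unknown( 15): GUID=fa8efdd1-a34b-3ee9-325f-d42a4a03e8df (No Format Information found).'
    '1600/12/31 19:00:00.0000000 704   1356                  Unknown( 16): GUID=fa8efdd1-a34b-3ee9-325f-d42a4a03e8df (No Format Information found).'
)

function Get-WuaLogHealth {
    param([string[]]$Lines)

    $decoded = 0      # lines with timestamp, PID, TID, component and message
    $undecoded = 0    # "Unknown(n): GUID=... (No Format Information found)" lines
    $other = 0        # anything else (continuation lines, headers)
    $lastSearch = $null

    foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }

        if ($line -match 'Unknown\(\s*\d+\): GUID=[0-9a-fA-F-]{36} \(No Format Information found\)') {
            $undecoded++
        }
        elseif ($line -match '^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\d+\s+(\S+)\s+(.+)$') {
            $decoded++
            $message = $Matches[2]
            if ($message -match '^Found (\d+) updates and (\d+) categories in search') {
                $lastSearch = [pscustomobject]@{
                    Updates    = [int]$Matches[1]
                    Categories = [int]$Matches[2]
                }
            }
        }
        else {
            $other++
        }
    }

    # Assumed thresholds: a log that is mostly undecoded lines is reported as Corrupt,
    # a decoded log with a search summary as ScanCompleted.
    $status =
        if (($decoded + $undecoded) -eq 0) { 'NoData' }
        elseif ($undecoded -gt $decoded)   { 'Corrupt' }
        elseif ($null -ne $lastSearch)     { 'ScanCompleted' }
        else                               { 'NoScanResult' }

    [pscustomobject]@{
        Status     = $status
        Decoded    = $decoded
        Undecoded  = $undecoded
        Other      = $other
        LastSearch = $lastSearch
    }
}

Get-WuaLogHealth -Lines $healthyLog | Format-List
Get-WuaLogHealth -Lines $corruptLog | Format-List
```

Against a real machine, feed it the file that Get-WindowsUpdateLog writes to the desktop, for example `Get-WuaLogHealth -Lines (Get-Content "$env:USERPROFILE\Desktop\WindowsUpdate.log")`.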
Jim Longo
Windows 10 1709 to 1803 Branch Update using Radia Patch Manager

 A Radia customer recently asked if Radia Patch Manager can be used to manage Windows 10 Branch Updates. 

 

 The short answer is yes, it is possible to use Radia Patch Manager to update Windows 10 to a newer branch but it may be more advantageous to use Radia Software or OS Manager to manage Windows 10 Branch Updates because there is more functionality built into Software/OS Management processes.

 

 Radia Patch Manager is more of a drop and run scenario where Radia Patch Manager delivers the Branch Update Media and a script to initiate the update. This can be done with 2 services to deliver the content and execute the update on separate occasions, or a single service to deliver and execute the update at the same time.  

 

 Below is an overview of using Radia Patch Manager to deliver the Branch Update media, a script to execute the Branch Update, and a custom descriptor file to acquire/manage the delivery of a Branch Update.

 

 While this is not considered to be the best way of updating Windows 10 Branch Updates, this example provides some insight into the flexibility of Radia Patch Manager to provide custom content delivery and execution.

 

 Windows 10 Branch Update  overview:

 

1.>   Download and execute the latest MediaCreationTool.

2.>   Extract Windows.iso, rename the Windows folder to Windows_1803_ESD

3.>   Use component select mode to publish WINDOWS_1803_ESD to the PATCHMGR Domain. (For this example, folder renamed to Windows_1803_ESD and location is C:/temp).

 

4.>   The Windows_1803_ESD service should now be present in the PATCHMGR.ZSERVICE Domain. The service will deliver the media to the agent if the media doesn’t exist. The media can be staged on the agent in the c:/temp/Windows_1803_ESD folder using a custom Patch service, or a compiled script to copy the media to the agent over the Network prior to the install event. The install event and media delivery can be run separately in different Patch services.

 

5.>   Create, compile and acquire the installation script using a custom Descriptor file to manage Windows 1803. (.vbs compiled to .exe). Modify the command line with the desired install options, Example: include /Noreboot to stop the automatic reboot after the Branch Update is installed.

 

install_1809.vbs/exe

 

MSBU-WIN1803.xml

 

6.>   The MSBU-WIN1803 Patch service should now be present in the CSDB. In this example, only Windows 10 1607/1703/1709 systems are applicable and will execute if ReleaseID is not set to 1803 in the registry.

7.>   In the PATCHMGR Domain locate the MSBU_WIN1803 service, right click/show connections, locate and drag Windows_1803_ESD service onto the MSBU_WIN1803 service.

 

8.>   Assign MSBU_WIN1803 in Policy and run a patch connect from a Windows 10 1709 system.

 

9.>   The MSBU_WIN1803 will be at risk since the ReleaseID is not set to 1803 and the sub service WINDOWS_1803_ESD will deliver the OS. Once WINDOWS_1803_ESD is delivered MSBU_WIN1803 will execute installing/upgrading Windows 10 to 1803.

 

 And finally the compliance reporting.

 

1 1
Jim Longo
Patch Tuesday: December 2018

Hello Radia community,

 

As soon as we confirm the latest wsusscn2.cab file has been updated we will update this thread with more details.

 

Please review the full list of kb numbers below and adjust your acquisition accordingly.

 

Security Update website:

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

 
*For custom bulletin requests please open a case with Accelerite support and provide the kb numbers, OS/ARCHITECTURE(32/64).

 

1 0
Jim Longo
Radia 9.1/9.2 Patch Manager new Architecture added for arm64

 When acquiring Windows 10 content with X64 selected the acquisition acquires both x64 and arm64 content. To disable the acquisition of arm64 content, a new Architecture for arm64 has been added to the console via an updated patch.tkd module.

 Please open a support case to obtain the latest patch.tkd module for Radia 9.1/9.2.

 

Radia 9.1 Hotfix ID: QCCR1C56982

Radia 9.2 Hotfix ID: QCCR1C56983

 

 

Problem/Purpose  : Patch manager options to not acquire win10 arm patches.

  

Patch/Hotfix Version  : 9.1/9.2

 

Applicable platforms : Microsoft Windows

 

Steps to apply the hotfix on core:

 

1. Stop the RCA Patch Manager Server service

2. Take a backup of the existing <InstallDir>/PatchManager/modules/patch.tkd file.

3. Replace the existing <InstallDir>/PatchManager/modules/patch.tkd with the new patch.tkd

4. Start the RCA Patch Manager Server service

 

Screen shot showing the new Architecture for arm64.

 

0 0
Jim Longo
Acquisition server data clean-up

Radia Patch Manager users who do not use the metadata model will acquire patch data into the Acquisition server. This data is not automatically deleted after the acquire process publishes content into the CSDB. Over time this data can build into several hundred GBs.

 Once this data is published to the CSDB the data can be deleted using the following steps.

  • On the acquisition server, Navigate to the data/PatchManager/patch/Microsoft folder.
  • Delete only the folders that contain the patch content. (Example: MS15, MS16, MS17, MS-KB).
  • Do not delete the bulletins (.xml) or the wsus/wua folders.

0 1
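The clean-up steps above as a script, added here as an example (not part of the original post and not Radia tooling); it assumes the content has already been published to the CSDB. The function name, the folder-name pattern derived from the post's examples (MS15, MS16, MS17, MS-KB) and the constructed demo tree are assumptions.

```powershell
function Remove-AcquiredPatchContent {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # The data/PatchManager/patch/Microsoft folder on the acquisition server.
        [Parameter(Mandatory)][string]$MicrosoftPatchPath,
        # Assumed pattern for content folders, built from the post's examples.
        [string]$ContentFolderPattern = '^(MS\d{2}|MS-KB)$',
        # Folders the post says must never be deleted.
        [string[]]$ProtectedFolder = @('wsus', 'wua')
    )
    $root = (Resolve-Path -LiteralPath $MicrosoftPatchPath -ErrorAction Stop).ProviderPath
    # Only directories are enumerated, so bulletin .xml files in the folder are never touched.
    foreach ($dir in Get-ChildItem -LiteralPath $root -Directory) {
        if ($ProtectedFolder -contains $dir.Name) { continue }
        if ($dir.Name -notmatch $ContentFolderPattern) { continue }
        $sizeBytes = (Get-ChildItem -LiteralPath $dir.FullName -Recurse -File -Force |
            Measure-Object -Property Length -Sum).Sum
        if ($PSCmdlet.ShouldProcess($dir.FullName, 'Delete published patch content')) {
            Remove-Item -LiteralPath $dir.FullName -Recurse -Force
        }
        # Report every matching folder, whether it was deleted or only previewed.
        [pscustomobject]@{
            Folder = $dir.Name
            SizeMB = [math]::Round([double]$sizeBytes / 1MB, 1)
        }
    }
}

# Constructed demo tree under the temp folder so the example runs offline.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'radia-demo\data\PatchManager\patch\Microsoft'
'MS16', 'MS-KB', 'wsus', 'wua' | ForEach-Object {
    New-Item -ItemType Directory -Path (Join-Path $demo $_) -Force | Out-Null
}
Set-Content -Path (Join-Path $demo 'MS16-001.xml') -Value '<Bulletin/>'   # constructed bulletin file

# -WhatIf previews the deletions: MS16 and MS-KB are listed, wsus, wua and the .xml are left alone.
Remove-AcquiredPatchContent -MicrosoftPatchPath $demo -WhatIf
```

Run it with -WhatIf first and review the folder list before running it without the switch.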
Jim Longo
Patch Tuesday: November 2018
Microsoft has not yet released the November wsusscn2.cab file. As soon as we confirm the latest wsusscn2.cab file has been updated we will update this thread with more details.
 
Please review the full list of kb numbers below and adjust your acquisition accordingly.
 
Security Update website:
 
 
 
*For custom bulletin requests please open a case with Accelerite support and provide the kb numbers, OS/ARCHITECTURE(32/64).
10 0
Jim Longo
How to create an acquisition job without updating the wsusscn2.cab file / Custom XML

 In some instances it is not necessary to update the wsusscn2.cab file on each acquisition. For instance, custom XML files are independent of the wsusscn2.cab file. Also, if you run multiple acquisitions on or after Patch Tuesday and the wsusscn2.cab file is current, the subsequent acquisitions can skip the download and extraction of the current wsusscn2.cab file until the next update.

 The following example is for custom XML files to acquire and manage third party content, however, the syntax to skip the wsusscn2.cab file can be applied to any acquire job.

 

 Copy the custom XML files into the data/PatchManager/patch/custom folder prior to acquisition. 

 

1.> Create a new custom acquisition job named custom. This can be reused to acquire custom content by updating the Bulletins with the bulletin ID’s to be acquired.


2.> In the Command Line Overrides section add the following syntax to disable the wsusscn2.cab file update. This will speed up the acquire process by bypassing the wsusscn2.cab file download and extraction.

 

-SKIP_WSUSSCNCAB_DOWNLOAD Y -SKIP_WSUSSCNCAB_EXTRACTION Y

 

3.> Enter the bulletins to be acquired separated by a comma. In this example we are using 2 custom bulletins to manage Notepad++ and FileZilla via Radia Patch Manager.


4.> Set Force and Replace to Y to automatically update the CSDB with the latest bulletin data. Only use Force and Replace set to Y when re-acquiring specific content, otherwise set both to N.


5.> Set acquire Microsoft patches to Yes.


6.> Run the acquire and check the CSDB editor for the bulletins.

0 2
Jim Longo
Radia 10 command line acquisitions linked to an acquire job for exclusions

  Radia 10 users, when running an acquisition via a command line there are a couple of new command line options including a new ARCH entry and Released date range to limit the acquired content.

 When using a command line to acquire content it is recommended to link to an acquire job to utilize the exclusion list and use command line options to tailor each acquire job to streamline the acquisition process and limit the amount of unwanted data that is acquired. 

1.> Command line acquire to acquire Win7 32bit only and update the wsusscn2.cab file. Linked to a Win7 acquire job for exclusions.

nvdkit-rca-patch.exe modules\patch.tkd acquire -config etc\patch.cfg,etc\Win7.acq  -SKIP_WSUSSCNCAB_DOWNLOAD N -SKIP_WSUSSCNCAB_EXTRACTION N -arch MICROSOFT::x86 -patches_released_since 09/12/2018 -patches_released_till 09/12/2020
 
2.> Command line acquire for Win10 64bit only, do not update the wsusscn2.cab file. Linked to a Win10 acquire job. Since a new Architecture was added in the latest Radia 10 patch.tkd file both x64 and amd64 should be used to acquire all 64bit content. Also, if this acquire job is run after an acquire job that updated the wsusscn2.cab file for the month, there is no need to update the wsusscn2.cab file again so it can be bypassed using the -SKIP switches set to Y. This will cut down on the amount of time the second acquire job runs.

nvdkit-rca-patch.exe modules\patch.tkd acquire -config etc\patch.cfg,etc\Win10.acq -SKIP_WSUSSCNCAB_DOWNLOAD Y -SKIP_WSUSSCNCAB_EXTRACTION Y -arch MICROSOFT::x64,MICROSOFT::amd64 -patches_released_since 09/12/2018 -patches_released_till 09/12/2020
 
 
1.> -config links the command line to the acquire job.

        -config etc\patch.cfg,etc\Win7.acq
        -config etc\patch.cfg,etc\Win10.acq

2.> -SKIP to update the wsusscn2.cab file. Y/N

        -SKIP_WSUSSCNCAB_DOWNLOAD Y -SKIP_WSUSSCNCAB_EXTRACTION Y

3.> -arch to set the architecture. For 64bit acquisitions use both x64 and amd64 to acquire all x64 content.

        -arch MICROSOFT::x64,MICROSOFT::amd64
        -arch MICROSOFT::x86

4.> Date range to limit the acquisition results. Using a future date for the till switch so it doesn’t need to be updated each month until 9/12/2020.

        -patches_released_since 09/12/2018 -patches_released_till 09/12/2020
0 0
Jim Longo
Radia 10 Patch Manager new Architecture added for arm64

  Radia 10 users,

 When acquiring Windows 10 content with X64 selected the acquisition acquires both x64 and arm64 content. To disable the acquisition of arm64 content, a new Architecture for arm64 has been added to the console via an updated patch.tkd module. Please open a support case to obtain the latest patch.tkd module for Radia 10.

 

 Hotfix ID: QCCR1C56330: 

 

Problem/Purpose  : Patch manager options to not acquire win10 arm patches.

 

Patch/Hotfix Version  : 10.0

Patch/Hotfix Level  : CP1

Applicable platforms  : Microsoft Windows

Attached hotfix files : patch.tkd

Steps to apply the hotfix on core:

 1. Stop the RCA Patch Manager Server service

 2. Take a backup of the existing <InstallDir>/PatchManager/modules/patch.tkd file.

 3. Replace the existing <InstallDir>/PatchManager/modules/patch.tkd with the new patch.tkd

 4. Start the RCA Patch Manager Server service

 

Screen shot showing the new Architecture for arm64.

 

 

0 0
Casey Brennan
Configuring usage in enterprise environment

I've deployed the usage agent to a few clients and collected usage data.  In an enterprise globally distributed network, how does one set the collection destination?  Also, is the usage data sent in compressed format?  And what is the difference between the UMINVENT and UMCOLLCT classes?  It seems that collecting the data on an agent software connect will be adequate -- so there should be no need to schedule a collection outside of that.  There is a best practices guide on the web site but it's a bit dated -- is there any other documentation which defines all the usage classes and attributes and best practices for Radia 10?

7 0
Jim Longo
October wsusscn2.cab file is not yet available

October wsusscn2.cab file is not yet available; we are monitoring the situation and will send an update once the wsusscn2.cab has been updated by Microsoft.

1 0
John Edmondson
June 2018 - Wsusscn2.cab file not yet available

Just noting that an updated June 2018 cab file is not available yet as far as I can tell.   If anyone is having a different experience please confirm.

5 0
Libor Janda
Upgrade Windows 10 to 1803

Hello all,

Are there instructions described somewhere on how to upgrade older Windows 10 machines to 1803 using Patch manager (preferred) or Software manager without use of OS manager?

4 0
Yury Carrero
Shortcut is not removing after removing service

Using Radia 10, I unentitled a service that creates a shortcut on the computer's desktop; however, the shortcut is never removed from the computer. Is there something that needs to be done in order for the icon to be removed from the desktop?

0 0
Farhan Mohammed
Acquisition server

Hi, is there a way to figure out what the version of the Patch acquisition server is?

 

Thanks

2 0
Farhan Mohammed
What is SAP

Hi I was wondering what SAP is in HPCA/Radia, how is it useful?, what is SAP connect? What does it do on the client? What information does it hold? What does a SAP connect do?

1 0
Ishant Walia
Auto download of latest patches

Hi Experts,

Could you please help me understand the process to auto download the latest patches?

Also, please suggest how to remove old patches completely.

 

Any help will be highly appreciated.

Thanks,

 

0 0
Ishant Walia
change logo of radia agent shortcut

Hi experts,

Please tell me, how can we change the logo of the agent desktop shortcut?

Any help will be highly appreciated.

 

thanks,

 

0 0
Ishant Walia
publish an exe package

Hi Experts,

I have published an exe package to deploy, but I am facing an issue while executing it.

Could you please help with this?

Below is the bat file I'm using:

C:\Package\DLP_HYB\TRITONAP-ENDPOINT-x64 /s /v"WSCONTEXT=45f97d9df5f81c712635a69a07193f18-1 /qn"

Service installation method:

NATIVE CMD /C C:\Package\DLP_HYB\dlp_hyb.bat

 

Is it right, or does a modification need to be done?

0 0
Ishant Walia
patch deployment and patch connect best practise

Hi Experts,

Kindly help me with the concerns below.

How can I get the information on patches pending/deployed (patch inventory) on fresh agent devices?

I came to know that I need to run Patch Connect without any bulletin and it will get the patch inventory information. Is that the process? Because it's not happening in my case.

Can I automate the download of the latest patches?

How do I remove old patches from Radia?

Please help me understand this.

 

Thanks, 

5 0
