Windows Updates Thread - August 2019 - Patch Yo Shizzle

Discussion in 'Business & Enterprise Computing' started by PabloEscobar, Dec 11, 2014.

  1. freaky_beeky

    freaky_beeky Member

    Joined:
    Dec 2, 2004
    Messages:
    1,172
    Location:
    Brisbane
    Great suggestion, tried it but to no avail.

    I have recently imported all the certificates manually and am still experiencing the same problem, which makes me feel like I'm experiencing two different issues simultaneously now so I've elected to try the same steps on a physical machine... (different subnet, routes and the like)

    EDIT: So to confirm, my PAC file is fine, networks have done some trickery on the subnet my VM is on preventing me from accessing the production proxy. Everything works fine if that Group Policy is set (the certs are missing, but they are automatically downloaded from Microsoft as requested)
     
    Last edited: Feb 1, 2017
  2. CptVipeR

    CptVipeR Member

    Joined:
    Jun 28, 2001
    Messages:
    847
    Location:
    Hobart
  3. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    Held Back until march.

    I think there was a SMB 0-day floating around. so make sure you're blocking outbound SMB, or someone will send a link to \\somerwhere.com\dodgy and wreck your shit.
     
  4. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    So, although the windows updates have been delayed this month. There are still Flash updates, If you're unfortunate enough to require it on your desktops, you will need to update before you get owned :).
     
  5. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,616
    Location:
    Brisbane
    Edge / IE 11 (potential) RCE is now public.
    https://bugs.chromium.org/p/project-zero/issues/detail?id=1011

    Exploit is not public but the means of building one is, probably will have RCE pretty soon assuming it's exploitable, reads like it though. If you're curious saving that exact page triggers Symantec AV :p
     
    Last edited: Feb 28, 2017
  6. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    Win 10 Update breaks rendering of Microsoft Dynamics CRM 2011

    So if you use that combination, you're gonna have a bad time.

    http://www.infoworld.com/article/31...13429-breaks-microsoft-dynamics-crm-2011.html

    I've only just got round to looking through them... fuck its a long list this month... and still nothing about what happened last month.

    Grapevine says someone may have been doing something untoward with Microsofts build and update servers, but that's just hearsay at this stage.
     
  7. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,138
    Location:
    NSW
    If you thought flash was dead and buried you've been living under a rock. There are still way too many pages that use and depend on it.
     
  8. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    Wots everyone elses WSUSContent folder size like?

    Since adding Win10, I've noticed a big chunk (~100GB) of free space disappear from my WSUSContent drive.

    It's currently sitting at about 170GB, with just english (regular, not express) patches for Win 7, 8.1, 10, A few MSSQL version and Office 2010.
     
  9. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,473
    Location:
    Brisbane
    yup.

    We aren't doing WSUS under 50 seats now.
     
  10. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    First World Problem.
    No Feb Patches means that Gold Images didn't get powered on for updates
    Not being powered on means no WSUS Checkin
    no WSUS checkin means Purged.
    Purged means spending far to long, working out why they weren't finding updates (because we don't approve for unassigned computers)

    Fun times :).
     
  11. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,749
    your image creation process sounds interesting.

    fully automated?
     
  12. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    The Opposite. :(.

    Every month someone should power on the VDI images and update them.

    The purging from wsus and whatnot was automated though :).
     
  13. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    45,679
    Location:
    Brisbane
    Things I don't miss: "maintaining gold images".

    When your deployment tool is your package installation tool is your security patching tool, there's no such thing as images any more, and life is good.
     
  14. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    If you are deploying unpatched machines into a VDI pool, and then patching them once they are in the pool... you're doing it wrong.
     
  15. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    45,679
    Location:
    Brisbane
    If you have images that can go stale or have any need to maintain a gold master, you're doing it wrong.

    We have no gold master. We deploy 100% patched and up to date code at every deploy, production-ready, no extra patch step needed.
     
  16. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,749
    Oh is it time for the image and patching discussion again already?
     
  17. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    45,679
    Location:
    Brisbane
    It's always time if you're doing it wrong. :p
     
  18. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,138
    Location:
    NSW
    why do you have auto delete machines from AD after 30 days unchecked into WSUS for? i can think of a multitude of ways boxes aren't powered on for 30 days.
     
  19. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,749
    I would suggest that right and wrong are comparatively based on business environment and operating requirements as compared to a perfect world.

    More accurate terms in my opinion would be "this is how it should be" and "this is how it actually is".
     
  20. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    45,679
    Location:
    Brisbane
    If "how it actually is" isn't "how it should be", then you're doing it wrong. That applies to more than software and computers. And anyone who disagrees is letting feelings get in the way of objective analysis.

    The point of perfection is that it should always be strived for, even if it can never be achieved. That is how we improve our situation every day, even if we still do some things wrong some of the time.

    But now we're getting deeply philosophical, and way off topic.
     

Share This Page

Advertisement: