Slightly OT: Since this thread ended up being about the Spectre/Meltdown/Side Channel "stuff"... If you haven't yet grabbed it you might want to consider grabbing the baseline and CIs to import referenced here: https://blogs.technet.microsoft.com/configmgr_geek_speak/2018/01/09/configmgr-speculation-control-baseline-ftw/
That'll help you a BIT in wrapping your head around what-all might still be vulnerable for "some of" the stuff around the Speculative / Spectre / Meltdown / Insert whatever other name people are calling it . On Mon, Jan 15, 2018 at 9:03 PM, Gannon, Todd <[email protected]> wrote: > Thanks for that [image: đ] > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Rajah, Zubair > *Sent:* Monday, 15 January 2018 6:33 PM > > *To:* [email protected] > *Subject:* [mssms] RE: Some 2012 R2 clients trying to download WUA from > internet > > > > Hi, > > > > I think the reg keys you have below are only after you have installed the > updates. > > > > You need to set this key, or rather have AV set this key in order for > patches to show as applicable: > > > > Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\ > Windows\CurrentVersion\QualityCompat" > Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" > Type="REG_DWORDâ > > Data="0x00000000â > > > > I used this link for server update process: https://support.microsoft.com/ > en-us/help/4072699/january-3-2018-windows-security-updates- > and-antivirus-software > <https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4072699%2Fjanuary-3-2018-windows-security-updates-and-antivirus-software&data=02%7C01%7Ctodd.gannon%40cbh.com.au%7Cb966d44067d645ef5dc608d55c048f12%7Cbdc5206836da48a79690d7703f926d76%7C1%7C0%7C636516097035159068&sdata=3ARxIWKP8vwj%2FOK53Xpa9jqP33010OkPf8VZIUYy%2F74%3D&reserved=0> > > I believe there is a link for the workstation OS as well. > > > > Good luck J > > > > > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Gannon, > Todd > *Sent:* Monday, January 15, 2018 10:20 AM > *To:* [email protected] > *Subject:* [mssms] RE: Some 2012 R2 clients trying to download WUA from > internet > > > > *EXTERNAL: This is an external email received from the Internet. Report > this message to **[email protected] <[email protected]>** if the email > contains any suspicious content.* > * ------------------------------ * > > > > Aagghh. Donât need this on first day back from leave. Iâd say that this is > to do with Spectre vulnerability. The log file below probably has nothing > to do with it, but to do with Scep trying to download from internet. > > So for this Spectre vulenerability, I guess I have to: > > *To enable the fix ** > > reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session > Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f > > reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session > Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 > /f > > Restart the computer for the changes to take effect. > > > > Will the January updates pop up after I do this? Is there a definitive > guide for this? I guess I will have to do more reading on this tomorrow.. > > Welcome back to work. > > > > > > > > > > *From:* [email protected] [mailto:listsadmin@lists. > myitforum.com <[email protected]>] *On Behalf Of *Gannon, > Todd > *Sent:* Monday, 15 January 2018 10:12 AM > *To:* [email protected] > *Subject:* [mssms] Some 2012 R2 clients trying to download WUA from > internet > > > > Hello â we use sccm and SUP to deploy updates to clients, which has worked > nicely, however for whatever reason it looks as if some, not all 2012 R2 > clients are looking to the internet to download what looks like a WUA agent > update. This fails because they donât have internet access. These servers > are also not downloading this months patches, assuming due to the error. > Has anyone experience this and know how to overcome it? > > > > > > 2018-01-15 09:45:52:281 884 2b5c SLS > Making request with URL HTTPS://sls.update.microsoft. > com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3. > 9600.0/0?CH=67&L=en-US&P=&PT=0x8&WUA=7.9.9600.18696 > <https://apac01.safelinks.protection.outlook.com/?url=HTTPS%3A%2F%2Fsls.update.microsoft.com%2FSLS%2F%257b9482F4B4-E343-43B6-B170-9A65BC822C77%257d%2Fx64%2F6.3.9600.0%2F0%3FCH%3D67%26L%3Den-US%26P%3D%26PT%3D0x8%26WUA%3D7.9.9600.18696&data=02%7C01%7Ctodd.gannon%40cbh.com.au%7Cb966d44067d645ef5dc608d55c048f12%7Cbdc5206836da48a79690d7703f926d76%7C1%7C0%7C636516097035159068&sdata=Nb4kP%2FdB7z2%2FmM8JIyx3YnOX36tIwJBkTCg9%2BgVZCRk%3D&reserved=0> > > 2018-01-15 09:45:54:286 884 2b5c Misc > WARNING: Send failed with hr = 80072efd. > > 2018-01-15 09:45:54:286 884 2b5c Misc > WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes > used : <None> > > 2018-01-15 09:45:54:286 884 2b5c Misc > WARNING: Send request failed, hr:0x80072efd > > 2018-01-15 09:45:54:286 884 2b5c Misc > WARNING: WinHttp: SendRequestUsingProxy failed for < > HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6- > B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=67&L=en-US&P=&PT= > 0x8&WUA=7.9.9600.18696 > <https://apac01.safelinks.protection.outlook.com/?url=HTTPS%3A%2F%2Fsls.update.microsoft.com%2FSLS%2F%257b9482F4B4-E343-43B6-B170-9A65BC822C77%257d%2Fx64%2F6.3.9600.0%2F0%3FCH%3D67%26L%3Den-US%26P%3D%26PT%3D0x8%26WUA%3D7.9.9600.18696&data=02%7C01%7Ctodd.gannon%40cbh.com.au%7Cb966d44067d645ef5dc608d55c048f12%7Cbdc5206836da48a79690d7703f926d76%7C1%7C0%7C636516097035159068&sdata=Nb4kP%2FdB7z2%2FmM8JIyx3YnOX36tIwJBkTCg9%2BgVZCRk%3D&reserved=0>>. > error 0x80072efd > > 2018-01-15 09:45:54:286 884 2b5c Misc > WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest > failed. error 0x80072efd > > 2018-01-15 09:45:54:286 884 2b5c Misc > WARNING: WinHttp: SendRequestToServerForFileInformation failed with > 0x80072efd > > 2018-01-15 09:45:54:286 884 2b5c Misc > WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd > > 2018-01-15 09:45:54:286 884 2b5c SLS > FATAL: SLS:CSLSDownloader::GetUrlContent: DoFileDownload failed with > 0x80072efd. > > 2018-01-15 09:45:54:286 884 2b5c SLS > FATAL: GetResponse failed with hresult 0x80072efd... > > 2018-01-15 09:45:54:286 884 2b5c EP > FATAL: EP: CSLSEndpointProvider::GetWUClientData - failed to get SLS > data, error = 0x80072EFD > > 2018-01-15 09:45:54:286 884 2b5c EP > FATAL: EP: CSLSEndpointProvider::GetEndpointFromSLS - Failed to get > client data, error = 0x80072EFD > > 2018-01-15 09:45:54:286 884 2b5c EP > FATAL: Failed to obtain 9482F4B4-E343-43B6-B170-9A65BC822C77 redir > Client/Server URL, error = 0x80072EFD > > 2018-01-15 09:45:54:286 884 2b5c PT > WARNING: PTError: 0x80072efd > > 2018-01-15 09:45:54:286 884 2b5c PT > WARNING: Initialization failed for Protocol Talker Context: 0x80072efd > > 2018-01-15 09:45:54:286 884 2b5c PT > WARNING: PTError: 0x80072efd > > 2018-01-15 09:45:54:287 884 2b5c SLS > Retrieving SLS response from server... > > 2018-01-15 09:45:54:287 884 2b5c SLS > Making request with URL HTTPS://sls.update.microsoft. > com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3. > 9600.0/0?CH=67&L=en-US&P=&PT=0x8&WUA=7.9.9600.18696 > <https://apac01.safelinks.protection.outlook.com/?url=HTTPS%3A%2F%2Fsls.update.microsoft.com%2FSLS%2F%257b9482F4B4-E343-43B6-B170-9A65BC822C77%257d%2Fx64%2F6.3.9600.0%2F0%3FCH%3D67%26L%3Den-US%26P%3D%26PT%3D0x8%26WUA%3D7.9.9600.18696&data=02%7C01%7Ctodd.gannon%40cbh.com.au%7Cb966d44067d645ef5dc608d55c048f12%7Cbdc5206836da48a79690d7703f926d76%7C1%7C0%7C636516097035159068&sdata=Nb4kP%2FdB7z2%2FmM8JIyx3YnOX36tIwJBkTCg9%2BgVZCRk%3D&reserved=0> > > 2018-01-15 09:45:56:292 884 2b5c Misc > WARNING: Send failed with hr = 80072efd. > > 2018-01-15 09:45:56:292 884 2b5c Misc > WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes > used : <None> > > 2018-01-15 09:45:56:292 884 2b5c Misc > WARNING: Send request failed, hr:0x80072efd > > 2018-01-15 09:45:56:292 884 2b5c Misc > WARNING: WinHttp: SendRequestUsingProxy failed for < > HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6- > B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=67&L=en-US&P=&PT= > 0x8&WUA=7.9.9600.18696 > <https://apac01.safelinks.protection.outlook.com/?url=HTTPS%3A%2F%2Fsls.update.microsoft.com%2FSLS%2F%257b9482F4B4-E343-43B6-B170-9A65BC822C77%257d%2Fx64%2F6.3.9600.0%2F0%3FCH%3D67%26L%3Den-US%26P%3D%26PT%3D0x8%26WUA%3D7.9.9600.18696&data=02%7C01%7Ctodd.gannon%40cbh.com.au%7Cb966d44067d645ef5dc608d55c048f12%7Cbdc5206836da48a79690d7703f926d76%7C1%7C0%7C636516097035159068&sdata=Nb4kP%2FdB7z2%2FmM8JIyx3YnOX36tIwJBkTCg9%2BgVZCRk%3D&reserved=0>>. > error 0x80072efd > > 2018-01-15 09:45:56:292 884 2b5c Misc > WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest > failed. error 0x80072efd > > 2018-01-15 09:45:56:292 884 2b5c Misc > WARNING: WinHttp: SendRequestToServerForFileInformation failed with > 0x80072efd > > 2018-01-15 09:45:56:292 884 2b5c Misc > WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd > > 2018-01-15 09:45:56:292 884 2b5c SLS > FATAL: SLS:CSLSDownloader::GetUrlContent: DoFileDownload failed with > 0x80072efd. > > 2018-01-15 09:45:56:292 884 2b5c SLS > FATAL: GetResponse failed with hresult 0x80072efd... > > 2018-01-15 09:45:56:292 884 2b5c EP > FATAL: EP: CSLSEndpointProvider::GetWUClientData - failed to get SLS > data, error = 0x80072EFD > > 2018-01-15 09:45:56:292 884 2b5c EP > FATAL: EP: CSLSEndpointProvider::GetEndpointFromSLS - Failed to get > client data, error = 0x80072EFD > > 2018-01-15 09:45:56:292 884 2b5c EP > FATAL: Failed to obtain 9482F4B4-E343-43B6-B170-9A65BC822C77 redir > Reporting URL, error = 0x80072EFD > > 2018-01-15 09:45:56:292 884 2b5c PT > WARNING: PTError: 0x80072efd > > 2018-01-15 09:45:56:292 884 2b5c Report > FATAL: OpenReportingWebServiceConnection, GetReportingServerUrl failed > with error, hr = 0x80072EFD. > > 2018-01-15 09:45:56:292 884 2b5c Report > WARNING: HandleEvents, OpenReportingWebServiceConnection, with NULL > CallerIdentity failed with error, hr = 0x80072EFD. > > 2018-01-15 09:45:56:292 884 2b5c Report > WARNING: Reporter failed to upload events with hr = 80072efd. > > 2018-01-15 09:47:52:255 884 3ec AU > Earliest future timer found: > > 2018-01-15 09:47:52:255 884 3ec AU > Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2018-01-15 > 22:43:18, not idle-only, not network-only > > 2018-01-15 09:47:53:256 884 2434 AU > ########### AU: Uninitializing Automatic Updates ########### > > 2018-01-15 09:47:53:256 884 2434 WuTask Uninit > WU Task Manager > > 2018-01-15 09:47:53:278 884 2434 AU > Earliest future timer found: > > 2018-01-15 09:47:53:278 884 2434 AU > Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2018-01-15 > 22:43:18, not idle-only, not network-only > > 2018-01-15 09:47:53:287 884 2434 AU > Earliest future timer found: > > 2018-01-15 09:47:53:287 884 2434 AU > Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2018-01-15 > 22:43:18, not idle-only, not network-only > > 2018-01-15 09:47:53:318 884 2434 Service > ********* > > 2018-01-15 09:47:53:318 884 2434 Service ** > END ** Service: Service exit [Exit code = 0x240001] > > 2018-01-15 09:47:53:318 884 2434 Service > ************* > > Thanks > > Todd > > > > > > > > > > > ------------------------------ > > > The contents of this email, including all related responses, files and > attachments transmitted with it (collectively referred to as âthis Emailâ), > are intended solely for the use of the individual/entity to whom/which they > are addressed, and may contain confidential and/or legally privileged > information. This Email may not be disclosed or forwarded to anyone else > without authorization from the originator of this Email. If you have > received this Email in error, please notify the sender immediately and > delete all copies from your system. Please note that the views or opinions > presented in this Email are those of the author and may not necessarily > represent those of Saudi Aramco. The recipient should check this Email and > any attachments for the presence of any viruses. Saudi Aramco accepts no > liability for any damage caused by any virus/error transmitted by this > Email. > > > > -- Thank you, Sherry Kissinger My Parameters: Standardize. Simplify. Automate Blog: http://mnscug.org/blogs/sherry-kissinger
