Granular control of update packages on Windows 10 with WuMgr (Update Manager for Windows)

 

 


Thursday, January 6, 2022

11:53 PM

So I spent all morning working on a case where I need to test a specific Windows patch. I could not get the ones I want to install even though I knew they were the right packages from the Windows Update Catalogue. I thought, they are cumulative, right, so they should just work with no pre-reqs...

Well guess what, there was a pre-req to that cumulative update that was not listed by MS anywhere in their documentation online, but magically, once I install the 2021-08 servicing stack update, I can now install those cumulative updates I need to test with for my case...

What a mess!

I found a great tool to help me figure it out:

https://github.com/DavidXanatos/wumgr/releases

This tool is great. Basically it lets you use Windows Update like it used to work in Windows XP, where you can install single updates one by one, but it will only show ones that are compatible. So if you don't see the ones you want to test with listed for install, then you know it's not going to be compatible with the machine.

What I did in my case was I noticed my listed security updates stopped at the August servicing stack update, so I installed that one and now I can see the cumulative updates right up to the current month, which is good for me because I need to test with September, October and then November 1 by 1 in that order.

If you use it in offline mode this way it works great, definitely will come in use in the future for cases.

Def saves time too. Windows Update stuff takes ages to test because you need to wait for it to check for updates each time you make a change, which can take like 15 mins just to bring back a list of updates to install, never mind the actual installation lol.

 

From WuMgr Github:

 

WuMgr (Update Manager for Windows) is a tool to manage updates of Microsoft products on the Windows operating system. It uses the "Windows Update Agent API" to identify as well as download and install missing updates. It allows the user fine control of updates on modern (Windows 10) operating system versions, comparable to what Windows 7 and 8.1 offered.

This tool is inspired by the Windows Update Mini Tool (WUMT), however in comparison to WUMT it is written in pure .NET instead of C/C++, and it is open source.


 

From <https://github.com/DavidXanatos/wumgr>
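The same Windows Update Agent API can be queried directly to confirm whether the updates under test are being offered and whether a servicing stack update is still pending. This is an added example, not WuMgr's code; the KB numbers in $wanted are placeholders and the function names are made up for the illustration.

```powershell
# Added example, not WuMgr code. Queries the Windows Update Agent API for the
# updates it currently treats as applicable to this machine.
# Run in an elevated PowerShell session.

function Get-ApplicableUpdate {
    # One object per update that is applicable here and not yet installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software'")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB             = @($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Title          = $u.Title
            ServicingStack = $u.Title -match 'Servicing Stack'
        }
    }
}

function Test-UpdateOffered {
    # Reports, for each wanted KB, whether the agent is offering it.
    param([string[]]$WantedKB, [object[]]$Applicable)
    foreach ($kb in $WantedKB) {
        $hit = @($Applicable | Where-Object { ($_.KB -split ',') -contains $kb })
        [pscustomobject]@{
            KB      = $kb
            Offered = $hit.Count -gt 0
            Title   = if ($hit.Count) { $hit[0].Title } else { $null }
        }
    }
}

$wanted     = 'KB0000001', 'KB0000002'     # placeholders, replace with the KBs under test
$applicable = @(Get-ApplicableUpdate)
$report     = @(Test-UpdateOffered -WantedKB $wanted -Applicable $applicable)
$report | Format-Table -AutoSize

# A wanted KB that is not offered while a servicing stack update is pending
# is the situation described in the note above.
$pendingSsu = @($applicable | Where-Object { $_.ServicingStack })
if (($report | Where-Object { -not $_.Offered }) -and $pendingSsu.Count) {
    'Wanted KBs are not offered and a servicing stack update is pending; install it and rescan:'
    $pendingSsu | Format-Table KB, Title -AutoSize
}
```

The search runs against the update source the machine is configured to use, so it can take as long as a normal check for updates.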

 

 

 


Method 2: Analyze Memory Dump Files Using Windows Debugger

How to Read Memory Dump Files in Windows 10

Wednesday, February 26, 2020

9:22 AM


1. Download Windows 10 SDK from here.

Note: This program contains the WinDBG program that we will be using to analyze the .dmp files.

2. Run the sdksetup.exe file and specify the installation location or use the default.

3. Accept the License agreement, then at the “Select the features you want to install” screen select only the Debugging Tools for Windows option and click Install.

4. The application will begin downloading the WinDBG program, so wait for the program to be installed on your system.

5. Press Windows Key + X then select Command Prompt (Admin).

6. Type the following command into cmd and hit Enter:

cd\Program Files (x86)\Windows Kits\10\Debuggers\x64\

Note: Specify the correct installation of the WinDBG program.

7. Now, once you’re inside the correct directory, type the following command in order to associate WinDBG with .dmp files:

windbg.exe -IA

8. As soon as you enter the above command, a new blank instance of WinDBG will open with a confirmation notice which you can close.

9. Type windbg in Windows Search then click on WinDbg (X64).

10. In the WinDBG panel click on File then select Symbol File Path.

11. Copy and paste the following address into the Symbol Search Path box:

SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols

12. Click OK and then save the symbol path by clicking File > Save Workspace.

13. Now find the dump file you want to analyze: either a MiniDump file found in C:\Windows\Minidump or the Memory dump file found in C:\Windows\MEMORY.DMP.

14. Double click the .dmp file and WinDBG should launch and begin processing the file.

Note: Since this is the first .dmp file being read on your system, WinDBG appears to be slow, but do not interrupt the process as these processes are being carried out in the background:

A folder called Symcache is being created in C:
Symbols are being downloaded and saved to C:\Symcache

Once the symbols have been downloaded and the dump is ready to analyze you will see the message Followup: MachineOwner at the bottom of the dump text.

15. Also, when the next .dmp file is processed, it will be quicker as the required symbols will already have been downloaded. Over time the C:\Symcache folder will grow in size as more symbols are added.

16. Press Ctrl + F to open Find then type “Probably caused by” (without quotes) and hit Enter. This is the quickest way to find what caused the crash.

17. Above the Probably caused by line you will see a BugCheck code, e.g. 0x9F. Look this code up in the Microsoft Bug Check Code Reference to identify the bug check.

 

From <https://troubleshooter.xyz/wiki/how-to-read-memory-dump-files-in-windows-10/#Method_2_Analyze_Memory_Dump_Files_Using_Windows_Debugger>

 

Commands:

 

 

!analyze -v = Automatic crash analysis, works on kernel or user dumps

 

!analyze -hang = Automatic hang analysis, works on kernel or user dumps

 

!process 0 0 = List all processes in a kernel dump

 

!process <address> 17 = List all the threads in one process from the list produced by the above command

 

.process <address> = Switch to a particular process context

 

.reload /user = Loads user mode symbols after switching to a process

 

lmu = Lists the dlls for a process once you've switched to it (Needs a full dump)

 

lm = List all the kernel modules in a kernel dump or dlls in a user dump

 

!uniqstack = List all unique looking threads in a user mode dump

 

!runaway 7 = Shows the CPU usage for different threads in a user dump

!locks = Shows if a deadlock is detected in either a kernel or user dump

 

!handle 0 7 839afbf8

 

!process 0 0 pgdriver

 

Symbol paths:

 

SRV*C:\symcache*http://msdl.microsoft.com/download/symbols;C:\symbols
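The Ctrl + F search from steps 16 and 17 can be scripted so that a folder of minidumps is triaged without opening each one in the GUI. This is an added example, not part of the quoted guide: it assumes kd.exe (the console debugger installed in the same Debuggers\x64 folder as windbg.exe) at the path from step 6, the function names are made up for the illustration, and the sample debugger output is constructed.

```powershell
# Added example, not from the quoted guide. The sample output below is constructed.

function Get-DumpSummary {
    # Extracts the bug check code and the "Probably caused by" value from debugger output.
    param([string[]]$DebuggerOutput)
    $bugCheck = $null; $cause = $null
    foreach ($line in $DebuggerOutput) {
        if (-not $bugCheck -and $line -match '^BugCheck\s+([0-9A-Fa-f]+),') {
            $bugCheck = '0x' + $Matches[1].ToUpper()
        }
        elseif (-not $cause -and $line -match '^Probably caused by\s*:\s*(.+?)\s*$') {
            $cause = $Matches[1]
        }
    }
    [pscustomobject]@{ BugCheck = $bugCheck; ProbablyCausedBy = $cause }
}

function Invoke-DumpTriage {
    param(
        [string]$DumpPath,
        [string]$Debugger   = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kd.exe',
        [string]$SymbolPath = 'SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols'
    )
    # -z opens the dump, -y sets the symbol path, -c runs the commands; q exits the debugger.
    $output = & $Debugger -z $DumpPath -y $SymbolPath -c '!analyze -v; q'
    Get-DumpSummary -DebuggerOutput $output |
        Add-Member -NotePropertyName Dump -NotePropertyValue $DumpPath -PassThru
}

# Constructed sample of the lines the debugger prints after loading a dump.
$sample = @(
    'Use !analyze -v to get detailed debugging information.',
    'BugCheck 9F, {3, ffffe000123456a0, fffff80012345678, ffffe000abcdef10}',
    'Probably caused by : ExampleDriver.sys ( ExampleDriver+1a2b )',
    'Followup: MachineOwner'
)
Get-DumpSummary -DebuggerOutput $sample

# Triage every minidump on this machine if the debugger is installed.
$kd = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kd.exe'
if ((Test-Path $kd) -and (Test-Path 'C:\Windows\Minidump')) {
    Get-ChildItem 'C:\Windows\Minidump' -Filter *.dmp |
        ForEach-Object { Invoke-DumpTriage -DumpPath $_.FullName -Debugger $kd }
}
```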

 


Method 1: Analyze Memory Dump Files using BlueScreenView

How to Read Memory Dump Files in Windows 10

Wednesday, February 26, 2020

9:22 AM


1. From the NirSoft website, download the latest version of BlueScreenView according to your version of Windows.

2. Extract the zip file you downloaded and then double-click on BlueScreenView.exe to run the application.

3. The program will automatically search for the MiniDump files at the default location, which is C:\Windows\Minidump.

4. If you want to analyze a particular .dmp file, just drag and drop that file onto the BlueScreenView application and the program will read the minidump file.

5. You will see the following information at the top of BlueScreenView:

·        The name of the Minidump file: 082516-12750-01.dmp. Here 08 is the month, 25 is the date, and 16 is the year of the dump file.

·        Crash Time is simply when the crash happened: 26-08-2016 02:40:03

·        Bug Check String is the error code: DRIVER_VERIFIER_IOMANAGER_VIOLATION

·        Bug Check Code is the STOP error: 0x000000c9

·        Then there will be Bug Check Code Parameters

·        The most important section is Caused By Driver: VerifierExt.sys

6. In the lower part of the screen, the driver which caused the error will be highlighted.

7. Now that you have all the information about the error, you can search the web for the following:

Bug Check String + Caused by Driver eg: DRIVER_VERIFIER_IOMANAGER_VIOLATION VerifierExt.sys

Bug Check String + Bug Check Code eg: DRIVER_VERIFIER_IOMANAGER_VIOLATION 0x000000c9

8. Or you can simply right-click on the minidump file inside BlueScreenView and click “Google Search – Bug Check + Driver“.

9. Use this information to troubleshoot the cause and fix the error. And this is the end of the guide How to Read Memory Dump Files in Windows 10 using BlueScreenView.

 

 

The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned

 

 


Monday, February 24, 2020

1:59 AM

Error

Detail

Textual

Unsigned application requesting unrestricted access to system

The following resource is signed with a weak signature algorithm

MD5withRSA and is treated as unsigned.

http://hod/hod/WSCachedSupporter2.jar

Remediation

Outline

1.      Identify JRE

2.      Access lib\security folder

3.      Edit java.security

o   jdk.jar.disabledAlgorithms

·        Search out jdk.jar.disabledAlgorithms

·        Comment out reference to MD5

Steps

Access Control Panel Applet – Java

Access Control Panel Applet – Java – Tab – General

Access Control Panel Applet – Java – Tab – java

Access Control Panel Applet – Java – Tab – java – view – Java Runtime Environment Settings

Image

Explanation

1.      Settings

o   C:\Program Files\Java\jre1.8.0_131\bin\javaw.exe

·        Architecture :- x86_64

o   C:\Program Files (x86)\Java\jre7\bin\javaw.exe

·        Architecture :- x86

Folder :- Lib\security

Once we know the path to our JRE, we will navigate to the lib\security folder.

In our case the JRE path is C:\Program Files\Java\jre1.8.0_131.

The version number of Java is 1.8.0_131.  Major Version is 1.8.0 and minor version is 131.

Folder :- Lib\security – Files

 

Folder :- Lib\security – File – java.security

Original

Revised

Explanation

1.      Remove MD5 from the list of disabled Algorithms

2.      Data

o   Original

·        jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

o   Revised

·        #jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024

 

From <https://enguyva.wordpress.com/2018/04/05/java-jnlp-error-weak-signature-algorithm-md5withrsa/>
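Because the revised line lets MD5-signed JARs count as signed again, it helps to be able to list which installed JREs carry that change. The check below is an added example, not part of the quoted post: it reads each java.security file under the two Java install roots shown above and reports whether MD5 is still in jdk.jar.disabledAlgorithms. The function names are made up for the illustration and the two sample inputs are constructed from the Original and Revised lines.

```powershell
# Added example, not from the quoted post.

function Get-JarDisabledAlgorithm {
    # Returns the entries of the active jdk.jar.disabledAlgorithms property.
    # Commented-out lines are ignored, backslash continuations are joined,
    # and a later definition overrides an earlier one.
    param([string[]]$Lines)
    $value = $null; $collecting = $false
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($collecting) {
            $value += ' ' + $line.TrimEnd('\')
            $collecting = $line.EndsWith('\')
            continue
        }
        if ($line -match '^jdk\.jar\.disabledAlgorithms\s*=\s*(.*)$') {
            $value = $Matches[1].TrimEnd('\')
            $collecting = $line.EndsWith('\')
        }
    }
    if ($null -eq $value) { return @() }
    $value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Test-Md5JarBlocked {
    # True when MD5 is one of the disabled algorithm names.
    param([string[]]$Algorithms)
    $names = @($Algorithms | ForEach-Object { ($_ -split '\s+')[0] })
    $names -contains 'MD5'
}

# Constructed samples based on the Original and Revised lines above.
$original = @('jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024')
$revised  = @('#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024',
              'jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024')
[pscustomobject]@{
    OriginalBlocksMd5 = Test-Md5JarBlocked (Get-JarDisabledAlgorithm $original)
    RevisedBlocksMd5  = Test-Md5JarBlocked (Get-JarDisabledAlgorithm $revised)
}

# Audit the JREs installed on this machine.
$roots = 'C:\Program Files\Java', 'C:\Program Files (x86)\Java' | Where-Object { Test-Path $_ }
if ($roots) {
    Get-ChildItem -Path $roots -Filter java.security -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $algs = @(Get-JarDisabledAlgorithm (Get-Content -LiteralPath $_.FullName))
            [pscustomobject]@{
                File       = $_.FullName
                Md5Blocked = Test-Md5JarBlocked $algs
                Entries    = $algs -join ', '
            }
        }
}
```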

 


Managing Windows updates with PowerShell

 


Thursday, January 6, 2022

11:45 PM

How to Automate Windows Updates Using PowerShell: Short Overview

Patch management is a crucial aspect of IT infrastructure administration, just as Windows Workstation backup. With the right patch management solution, you can enhance your system by testing or installing the latest software updates and patches. Patches are regarded as temporary fixes for existing issues between full-scale software releases. If patch management is effectively performed, you can promptly address vulnerabilities of your system and mitigate any potential threats.

Windows offers its own patch management solution – Windows Update. However, many IT administrators still find the patch management process too complex and time-consuming. Moreover, system updates can affect your production workflow as they often start automatically during business hours. With PowerShell cmdlets, you can automate Windows updates, saving you effort and time.

Today’s blog post describes how you can use PowerShell to install Windows updates and includes a list of useful PowerShell commands to automate the patch management process. Patching can reduce the risk of bugs or vulnerabilities affecting your system. However, you should use a comprehensive data protection solution to ensure the full-scale security of your production workloads. NAKIVO Backup & Replication is an affordable and reliable solution which can protect your data across various platforms (physical, virtual, or cloud).

What Is PSWindowsUpdate?

To make the Windows patch management process smooth and easy, you can use the PSWindowsUpdate module developed by Michal Gajda. This module is publicly available and can be downloaded for free from the PowerShell Gallery. The main requirement is that a computer needs to run Windows OS versions starting from Vista or Windows Server 2008. Also, you need to have PowerShell 2.0 or later.

With PSWindowsUpdate, you can identify if any Windows updates are available for your computer. Moreover, this module allows you to centrally manage Windows updates across various Windows servers and workstations. This way, you can remotely control which updates are installed, removed, or hidden.


How to Automate Windows Updates with PowerShell

Below, we will outline the PSWindowsUpdate configuration process, including how to download and install the module, as well as how to check for the commands which can help you automate Windows updates.

How to install PSWindowsUpdate

To effectively automate Windows patch management, you first need to install the PSWindowsUpdate module on your computer. For this purpose, open an elevated PowerShell prompt and enter the following command:

Install-Module -Name PSWindowsUpdate

After running this command, you will be asked whether you want to install the specified module from PSGallery. Select Yes if you wish to continue and accept all changes.

 


Once you have installed the module, you need to ensure that you can remotely access other computers. This way, you should be able to install Windows updates on remote computers, allowing you to spend minimal time and effort. For the PSWindowsUpdate module to work with remote machines, you need to save the module to your computer and share it over a network. In case other servers are able to import and deploy this module, you can set up automated Windows patch management. To this end, you should run the following cmdlet:

Save-Module -Name PSWindowsUpdate -Path

Here, you need to define the -Path parameter by specifying where you want the PSWindowsUpdate module to be stored.

How to use PSWindowsUpdate

For the next step, you will learn how to use this module in order to automate Windows updates with PowerShell cmdlets. This is a great advantage for IT administrators who need to perform the patch management process on Server Core machines with no GUI. With the use of these cmdlets, you can minimize management complexity and make the process easier and less error-prone.

To get a full list of available Windows updates, run the following PowerShell command:

Get-WindowsUpdate

You should get the output seen below on your screen:

With this information, you will know for sure which software or application needs to be updated. After that, you can install all the updates by entering the command below. Moreover, by adding the -AutoReboot parameter, you can ensure that the system will automatically restart once the update is installed.

Get-WUInstall -AcceptAll -AutoReboot

If you would not like a reboot to start (so as not to interrupt the production workflow), you can run the following cmdlet:

Get-WUInstall -AcceptAll -IgnoreReboot

On the screen, you can see the progress of the patch management process, as well as the full list of updates and their current status.

After the installation process is complete, you will see the following message in the PowerShell console: ‘Reboot is required but do it manually’. Thus, you are still required to restart the system, but you can do it at the time which best suits your schedule.

Should you wish to download only a specific update, you can add the -KBArticleID parameter to the PowerShell cmdlet. Don’t forget to specify the number of the KB Article in order to download the right patch. For example, I want to install Windows Malicious Software Removal Tool x64 and Security Intelligence Update for Windows Defender Antivirus. The appropriate PowerShell command should appear as follows:

Get-WUInstall -KBArticleID KB890830, KB2267602 -AcceptAll

After running this command, I will have only two of said updates installed on my computer.

Overview of PSWindowsUpdate commands

If you are wondering which PowerShell cmdlet can work with the PSWindowsUpdate module, you should type the following command and press Enter:

Get-Command -Module PSWindowsUpdate

Here, you can see a full list of the module’s commands.

Let’s cover how some of these commands work.

1. The Get-WUHistory cmdlet allows you to view the history of the latest updates. After running this command, you will receive a similar output on your screen.

2. The next cmdlet is Get-WUInstallerStatus, which can help you verify the status of the Windows Installer service. Here, you can check whether the installer is working properly or not. The output for this operation can look as follows:

3. By running the Get-WURebootStatus cmdlet, you can check whether you need to reboot the system so that a specific update is fully applied.

4. With the Get-WUServiceManager cmdlet, you can check the source of Windows updates.

As you can see, the last column demonstrates the update source (e.g. Windows Update, DCat Flighting Prod, etc.).

5. You can hide certain updates from the list in order to avoid installing them on your computer. For this purpose, you should run the Hide-WindowsUpdate command where it is possible to specify the ID of KB articles you wish to hide. The following example demonstrates how you can hide the KB2267602 update from the list:

$HideList = "KB2267602"

Hide-WindowsUpdate -KBArticleID $HideList -Hide

Before any changes are made, you will be asked to confirm the selection. Type Y to hide the KB article.

 

However, if you wish to get the list of hidden updates, you can run the cmdlet below.

Get-WindowsUpdate -IsHidden

In the Status column, you can see the letter H denoting that the update has been successfully hidden. Thus, the next time you run the Get-WUInstall command, the selected update will be automatically excluded from the list of available updates.

Should you want to roll back the changes, you can use the following cmdlet in the PowerShell console:

Hide-WindowsUpdate -KBArticleID $HideList -Hide:$false

Once again, you will be asked to confirm the changes by typing Y.

As you can see, the letter H is no longer included in the update status, meaning that this Windows update is not hidden anymore and can be downloaded on your computer.

6. Another configuration option available to you is to remove the updates you have installed on your machine. For this purpose, you can use the Remove-WindowsUpdate cmdlet and type the ID of the KB article you wish to uninstall from your computer. For example:

Remove-WindowsUpdate -KBArticleID KB4519573 -IgnoreReboot

By adding the -IgnoreReboot parameter, you ensure that the computer will not reboot automatically. Once the update is uninstalled, you can reboot the machine later.

7. Last but not least, you can scan for available Windows updates on a remote machine using the Get-WUList cmdlet.

Get-WUList -ComputerName Server5

For this cmdlet to work, you also need to install the PSWindowsUpdate module on a remote computer. This way, you can automate Windows updates for multiple machines from a single pane of glass. With PSWindowsUpdate, the patch management process is performed in a simple and efficient way. Moreover, you can reduce the management overhead that IT administrators may experience during system patching.

 

From <https://www.nakivo.com/blog/automate-windows-updates-using-powershell-short-overview/>

Removing tiered storage spaces - Windows Server 2022

As part of the work I have done in my homelab with tiered storage on Server 2022 storage spaces , here is a script I created that allows you...