Windows 10 cumulative updates, categorized as ‘Updates’, do not show up in Configuration Manager / WSUS

We are using Configuration Manager current branch to update the existing Windows 10 machines with quality updates. All Configuration Manager components are running on ‘Server 2016’ + KB4284833. The error is reproducible in CMCB 1802, 1802 + KB4339794 or TP 1806.2. Windows 10 cumulative updates categorized as ‘Updates’ are not imported into Configuration Manager […]

Deploy Intel microcode updates published by Microsoft via Configuration Manager

Microsoft published the Intel microcode update for Windows 10 1709 as a standalone update (KB4090007), so it is not showing up in WSUS. However, it can be deployed as an application:
    wusa.exe "windows10.0-kb4090007-x64_7063a0b6a38e2a648aa1d77570503f7062360c9d.msu" /quiet /norestart
But even though the current version 1.003 already supports more CPU models than version 1.001, it doesn’t cover all […]

Intel Management Engine vulnerability INTEL-SA-00086 and how to detect vulnerable systems in Configuration Manager

Intel published a new vulnerability in the Intel® Management Engine (ME) on 11/20/17: INTEL-SA-00086, which can cause Elevation of Privilege (EoP), Remote Code Execution (RCE) or Denial of Service (DoS). Intel also published a detection tool to run on clients. The detection tool creates registry values recording the vulnerability state of a client. To check the status […]

You need an enterprise grade client management tool

I still see enterprises trying to go simple with their Windows clients: somehow deploying Windows 10, applying GPOs and just using WSUS to apply updates. But this leaves many points open in the management of the client ecosystem. Firmware settings: The new Windows 10 guards heavily depend on virtualization technologies, so beyond TPM 2.0, UEFI and […]

Credential Guard w/o Hyper-V Hypervisor? – NO!

Starting with Windows 10 1607, the pre-installation of Hyper-V Hypervisor for Credential Guard is no longer necessary (see Protect derived domain credentials with Credential Guard). After activating Credential Guard via GPO or registry, the process lsaIso.exe is running. Msinfo32 shows Credential Guard as activated and a hypervisor is detected. But Windows Features shows Hyper-V Hypervisor not […]