locked
Windows 2016 Std R2 Package unable to install(KB4022715 and KB4494440) RRS feed

  • Question

  • Hello Support,

    We are receiving Alert in Nessus Scan for Windows2016 Std R2.

    i.e:-

    1. KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017
       Cumulative Update  (CVE-2017-0283)

    2. KB4343887: Windows 10 Version 1607 and Windows Server 2016 August
       2018 Security Update (Foreshadow) (CVE-2018-8344)

    3. KB4494440: Windows 10 Version 1607 and Windows Server 2016 May 2019
       Security Update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL)
       (MSBDS/Fallout) (CVE-2019-0903)

    4. KB4056890: Windows 10 Version 1607 and Windows Server 2016 January
       2018 Security Update (Meltdown)(Spectre) (CVE-2018-0758)

    5. KB4074590: Windows 10 Version 1607 and Windows Server 2016 February
       2018 Security Update (Meltdown)(Spectre)(CVE-2018-0825)

    6. Security Updates for Windows 10 / Windows Server 2016 (August 2018)
       (Spectre) (Meltdown) (Foreshadow)(CVE-2018-3615)

    7. Security Updates for Windows 10 / Windows Server 2016 (January 2019)
       (Spectre)(CVE-2017-5715)

    8. Security Updates for Windows 10 / Windows Server 2016 (September 2018)
       (Spectre)(CVE-2017-5715)

    I am unable to find this above the update packages. Kindly request you to provide a solution on this?

    Regards

    TLS


    Wednesday, October 16, 2019 11:50 AM

All replies

  • Hi,

    It could be that most of these updates have been replaced by a newer update, also known as "superseded".

    Check the KB articles of the updates or the Microsoft Update Catalog if the updates have been replaced by another update, then check if the update that replaces the older update has been installed. 

    Example:

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    Wednesday, October 16, 2019 1:58 PM
  • Hi SathishkumarSingh,
       

    As Leon explained, these updates in the list you provided have been replaced. It seems that these updates that need to be installed are monthly cumulative updates. According to the current update model implemented by Windows 10, you only need to patch the latest monthly cumulative update.
       

    This article is currently available for the monthly cumulative update for Windows 10 Version 1607: "Windows 10 and Windows Server 2016 update history". You can find all those mentioned updates and complete the latest updates.
    For example, for now, you only need to install KB4519979 (October 15, 2019) for client approval to solve the problem because it replaces all previous monthly cumulative updates.
       

    Hope the above can help you.
         

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 17, 2019 1:22 AM
  • Hello Leon and Yic,

    Thank you for the reply . As you said the latest cumulative update KB4519979 (October 15, 2019) is installed on my server and rebooted and when checked for update it says no updates avalible , but still the the Vulnerability Scan report is same . 

    And on Checking the update history KB the updates which has been changed with latest ones says this package is not required for this system . 

    Regards

    TLS

    Thursday, October 17, 2019 10:16 AM
  • It could also be a simple false positive alert from Nessus, I’ve seen it before.

    Blog: https://thesystemcenterblog.com LinkedIn:

    Thursday, October 17, 2019 10:22 AM
  • Hello Leon and Yic,

    After setup WSUS in Windows2016 Std.

    We are getting the below error when syncing the updates from Microsoft server 

    SoapException: Fault occurred
    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetUpdateData(Cookie cookie, UpdateIdentity[] updateIds)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetUpdateData(UpdateIdentity[] updateIds, List`1 allMetadata, List`1 allFileUrls, List`1& updatesWithSecureFileData, Boolean isForConfig)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetUpdateDataInChunksAndImport(List`1 neededUpdates, List`1 allMetadata, List`1 allFileUrls, Boolean isConfigData)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetAndSaveUpdateMetadata(List`1 updates)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRe

    we have already changed the update URL to https://sws.update.microsoft.com but still we have same issue

    Regards

    TLS

    Wednesday, October 23, 2019 7:09 AM
  • Hi 

    When i try to generate the report in WSUS, we are getting below errors.

    i.e:-

    I tried to downlaod this file and install, one more error

    i.e: -

    How to fix this issue to view reports in WSUS

    Regards

    TLS

    Wednesday, October 23, 2019 7:09 AM
  • To view the reports you'll need to install the Microsoft System CLR Types for SQL Server 2012, you can download it from here:

    X86 Package(SQLSysClrTypes.msi)

    X64 Package (SQLSysClrTypes.msi)

    Once that is installed, install the ReportViewer runtime.


    Blog: https://thesystemcenterblog.com LinkedIn:


    • Edited by Leon Laude Wednesday, October 23, 2019 8:07 AM
    Wednesday, October 23, 2019 8:07 AM
  • To view the reports you'll need to install the Microsoft System CLR Types for SQL Server 2012, you can download it from here:

    X86 Package(SQLSysClrTypes.msi)

    X64 Package (SQLSysClrTypes.msi)

    Once that is installed, install the ReportViewer runtime.


    Blog: https://thesystemcenterblog.com LinkedIn:


    Hi Leon,

    its working now! Many Thanks 

    Regards

    TLS

    Wednesday, October 23, 2019 9:55 AM
  • Hi Leon,

    I am unable to see Computers in WSUS.

    These are the GPOs Created:

    Telnet is working fine with Port 8530, But Computers are not getting listed in WSUS through GPO

    Please advise

    Regards

    TLS

    Wednesday, October 23, 2019 10:16 AM
  • This is going a bit off topic, might want to start another thread for your WSUS troubleshooting.

    Blog: https://thesystemcenterblog.com LinkedIn:

    Wednesday, October 23, 2019 10:48 AM
  • Hi TLS,
      

    Posting is to confirm with you: Has the problem finding KB4022715 and KB4494440 been resolved? If you still have questions, consider continuing to ask your questions in this thread. If you're done, consider marking the answers to this thread that are helpful to you.
       

    Regarding the other questions you mentioned, I sincerely recommend that you create a brand new thread in the forum, which is convenient for you and everyone to discuss clearly.
       

    Thank you for your cooperation.
      

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 24, 2019 6:29 AM
  • to solve KB4022715, You can try to change Registry setting iexplorer.exe like this:

    For 32-bit and 64-bit systems:    

    Click Start, click Run, type regedt32 or type regedit, and then click OK.

    In Registry Editor, locate the following registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\

    Right-click FeatureControl, point to New, and then click Key.

    Type FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, and then press Enter to name the new subkey.

    Right-click FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, point to New, and then click DWORD Value.

    Type "iexplore.exe" for the new DWORD value.

    Double-click the new DWORD value named iexplore.exe and change the Value data field to 1.

    Click OK to close.

     

    For 64-bit systems only:

    Click Start, click Run, type regedt32 or type regedit, and then click OK.

    In Registry Editor, locate the following registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\

    Right-click FeatureControl, point to New, and then click Key.

    Type FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, and then press Enter to name the new subkey.

    Right-click FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, point to New, and then click DWORD Value.

    Type "iexplore.exe" for the new DWORD value.

    Double-click the new DWORD value named iexplore.exe and change the Value data field to 1.

    Friday, November 22, 2019 4:44 PM