Torsten I would just point out that according to Microsoft,
Administrators of enterprise installations should assess their environments for the existence of certificates with MD5 hashes and re-issue these certificates prior to broader distribution of the update, which Microsoft plans to release in February 2014.
Maybe there are a lot of people using MD5 certificates and if they use WOU it may be unexpected to have them disabled. I don't know that KB2862973 should be included by default, or maybe there should be a checkbox?
There are two updates that I
mentioned a while back that I really think you should include by default:
Microsoft Security Advisory: Update for the Windows Operating System LoaderMicrosoft Security Advisory (2506014): Update for the Windows Operating System LoaderMicrosoft says about that update: "While this is not an issue that would require a security update..." I disagree. Especially because they describe it as "An issue has been identified that could allow a user with administrative permissions to load an unsigned driver." Yet for some reason they never released it as a security update.
- Code: Select all
echo http://download.microsoft.com/download/D/B/2/DB23C949-6F3F-455F-A048-FE7C8CDB97A9/Windows6.0-KB2506014-x64.msu>>static\custom\StaticDownloadLinks-w60-x64-glb.txt
echo http://download.microsoft.com/download/9/8/5/98578ACE-4837-437E-B51B-E4C4C8DFE7AB/Windows6.1-KB2506014-x64.msu>>static\custom\StaticDownloadLinks-w61-x64-glb.txt
echo KB2506014>>client\static\custom\StaticUpdateIds-w60-x64.txt
echo KB2506014>>client\static\custom\StaticUpdateIds-w61-x64.txt
Unauthorized digital certificates could allow spoofingMicrosoft Security Advisory (2718704): Unauthorized Digital Certificates Could Allow SpoofingThis is a mitigation for the Flame trojan and yet for some reason they don't include it by default. Why is that..
- Code: Select all
echo http://download.microsoft.com/download/D/0/7/D07BC77B-ECE5-4BD9-80F8-17C5C237B1A0/WindowsXP-KB2718704-x86-ENU.exe>>static\custom\StaticDownloadLinks-wxp-x86-glb.txt
echo http://download.microsoft.com/download/B/C/3/BC388BA3-D4CC-4D16-BF84-1A1154FB5599/WindowsServer2003-KB2718704-x86-ENU.exe>>static\custom\StaticDownloadLinks-w2k3-x86-glb.txt
echo http://download.microsoft.com/download/9/7/8/97859DB6-04A2-43A5-B9E8-C37180425D08/WindowsServer2003.WindowsXP-KB2718704-x64-ENU.exe>>static\custom\StaticDownloadLinks-w2k3-x64-glb.txt
echo KB2718704>>client\static\custom\StaticUpdateIds-wxp-x86.txt
echo KB2718704>>client\static\custom\StaticUpdateIds-w2k3-x86.txt
echo KB2718704>>client\static\custom\StaticUpdateIds-w2k3-x64.txt
echo http://download.microsoft.com/download/D/7/A/D7A4C58C-A0E8-4CD7-A405-36C787637474/Windows6.0-KB2718704-x86.msu>>static\custom\StaticDownloadLinks-w60-x86-glb.txt
echo http://download.microsoft.com/download/7/3/1/731F9EE8-438E-4411-A994-2D0A1443501F/Windows6.0-KB2718704-x64.msu>>static\custom\StaticDownloadLinks-w60-x64-glb.txt
echo KB2718704>>client\static\custom\StaticUpdateIds-w60-x86.txt
echo KB2718704>>client\static\custom\StaticUpdateIds-w60-x64.txt
echo http://download.microsoft.com/download/4/1/3/413A9B3D-DC56-4DD8-8944-9B0DB0CC8025/Windows6.1-KB2718704-x86.msu>>static\custom\StaticDownloadLinks-w61-x86-glb.txt
echo http://download.microsoft.com/download/1/7/8/1787B87D-5DA3-44EF-A393-F15BF8EA3FBF/Windows6.1-KB2718704-x64.msu>>static\custom\StaticDownloadLinks-w61-x64-glb.txt
echo KB2718704>>client\static\custom\StaticUpdateIds-w61-x86.txt
echo KB2718704>>client\static\custom\StaticUpdateIds-w61-x64.txt
Thanks