
Warning for users of the Security-Only patches!

PostPosted: 09.07.2019, 22:21
by boco
Warning: The security-only update KB4507456 is infected with the Diagtrack malware (telemetry)!

Warning: Security-only update KB4507456 is infected with Diagtrack (Telemetry/Phone home) malware!

Re: Warning for users of the Security-Only patches!

PostPosted: 11.09.2019, 17:12
by Pamela
So, will this spyware/malware KB be removed from WSUS or is it necessary to make a manual exclusion?

Re: Warning for users of the Security-Only patches!

PostPosted: 12.09.2019, 04:37
by boco
The latter.

Re: Warning for users of the Security-Only patches!

PostPosted: 12.09.2019, 17:00
by Pamela
Arrggghhh, I thought using WSUS was to prevent M$ from infecting my PCs.

Is this the correct way to make exclusions?

C:\Program Files\WSUS-1180\client\exclude\ExcludeList.txt
Insert:
kb2952664,spyware
kb4507456,spyware

Re: Warning for users of the Security-Only patches!

PostPosted: 12.09.2019, 17:20
by Dalai
@Pamela:
Use wsusoffline\exclude\custom\ExcludeList-w61-x64.txt (or whatever your Windows version and architecture is) and wsusoffline\client\exclude\custom\ExcludeList.txt. The important thing is the custom part because the non-custom lists are overwritten by a new version of WSUS Offline! Also, only add comments in the client ExcludeList, not in the specific lists like ExcludeList-w61-x64.txt.

And no, WSUS Offline can't prevent the installation of telemetry crap when MS adds such to security-only updates... WSUS Offline maintainers can't make a decision for all users to not install the SecOnly updates of 2019-07 and 2019-09 (yes, this month's updates contain telemetry again!).

Regards
Dalai

Re: Warning for users of the Security-Only patches!

PostPosted: 13.09.2019, 05:01
by boco
Although this month's update installed without a hitch. It seems to only update the Malware components if they are installed. I have hard-blocked all that crap and none of that changed. *shrugs*


Edit: Scratch that, it did not install, just fail silently.

Re: Warning for users of the Security-Only patches!

PostPosted: 13.09.2019, 15:09
by Pamela
Dalai wrote:@Pamela:
Use wsusoffline\exclude\custom\ExcludeList-w61-x64.txt (or whatever your Windows version and architecture is) and wsusoffline\client\exclude\custom\ExcludeList.txt. The important thing is the custom part because the non-custom lists are overwritten by a new version of WSUS Offline! Also, only add comments in the client ExcludeList, not in the specific lists like ExcludeList-w61-x64.txt.


Super, thank you, but should I add the spyware KBs to both lists or is there a diff between them?
I don't have any ExcludeList.txt files in the two mentioned folders. Should I create them?

Dalai wrote:@Pamela:
And, no WSUS Offline can't prevent the installation of telemetry crap when MS adds such to security-only updates... WSUS Offline maintainers can't make a decision for all users to not install the SecOnly updates of 2019-07 and 2019-09 (yes, this month's updates contain telemetry again!).


Yes, I see the point, but a red flashing warning sign would be very welcome. What KB is infected this month?

Re: Warning for users of the Security-Only patches!

PostPosted: 13.09.2019, 17:39
by Dalai
Pamela wrote:[...] but should I add the spyware KBs to both lists or is there a diff between them?

The first file takes care of the download part and the latter file is parsed when installing updates. Furthermore, as I indirectly already said, the first file is specific to a Windows version and architecture, the latter is the exclude list for any Windows/Office version/architecture.

I don't have any ExcludeList.txt files in the two mentioned folders. Should I create them?

Yes, but keep in mind that the name ExcludeList.txt is only correct for the client exclude list. You can use the names of the non-custom lists (one level above) as a template.

Yes, I see the point, but a red flashing warning sign would be very welcome.

Well, you can either wait for users to report it here or on other sites (askwoody.com, various forums and so on). Or you can consult the Windows Update history sites provided by MS, download the file information for the respective update, e.g. 2019-09 SecOnly (direct link to file information) and search for "diagtrack", "compattel" in these CSV files. If you find anything, the update contains telemetry.

What KB is infected this month?

Monthly Rollups always contain telemetry. So far there are "only" two SecOnly updates for Win7 that contain telemetry, too: 2019-07 and 2019-09. For the corresponding KB numbers, either consult the Windows Update history site linked above, or take a look at my site.

Regards
Dalai
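The check Dalai describes above (search an update's file-information CSV for "diagtrack" and "compattel") and the exclude-list rule from the earlier post (comments only in the client list), as an added example that is not part of the thread or of WSUS Offline. The CSV rows are constructed; the `kbNNNN,comment` entry form follows Pamela's proposed lines and is an assumption about the list format.

```python
import csv
import io

# Telemetry component name fragments named in the thread; matched case-insensitively.
TELEMETRY_MARKERS = ("diagtrack", "compattel")

# Constructed sample in the shape of a Microsoft update file-information CSV.
# The rows are illustrative and do not describe any real update.
SAMPLE_FILE_INFO = """File name,File version,File size,Date (UTC),Time (UTC),Platform
Ntoskrnl.exe,6.1.7601.24545,5564488,29-Aug-2019,08:23,x64
Diagtrack.dll,6.1.7601.24545,1150176,29-Aug-2019,08:24,x64
Compattelrunner.exe,6.1.7601.24545,76288,29-Aug-2019,08:24,x64
Win32k.sys,6.1.7601.24545,3211264,29-Aug-2019,08:23,x64
"""


def find_telemetry_files(csv_text, markers=TELEMETRY_MARKERS):
    """Return the 'File name' of every CSV row that mentions a telemetry marker."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Search every field of the row, not only the file name column.
        blob = " ".join(v for v in row.values() if v).lower()
        if any(marker in blob for marker in markers):
            hits.append(row["File name"])
    return hits


def contains_telemetry(csv_text):
    """True if at least one file in the update matches a telemetry marker."""
    return bool(find_telemetry_files(csv_text))


def exclude_entry(kb, comment, client_list):
    """Build an exclude-list line (assumed 'kbNNNN,comment' form).

    Only the client ExcludeList.txt may carry a comment; the per-version
    download lists (e.g. ExcludeList-w61-x64.txt) get the bare KB number.
    """
    kb = kb.lower()
    return f"{kb},{comment}" if client_list else kb


if __name__ == "__main__":
    hits = find_telemetry_files(SAMPLE_FILE_INFO)
    print("telemetry files:", hits)
    if hits:
        print("client list :", exclude_entry("KB4507456", "spyware", client_list=True))
        print("download list:", exclude_entry("KB4507456", "spyware", client_list=False))
```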

Re: Warning for users of the Security-Only patches!

PostPosted: 13.09.2019, 20:37
by Pamela
Very useful info, thank you. Are the security only patches multi-lingual?

I completely gave up on M$ during the GetWinX disaster and turned updates completely off on all PCs. The philosophy is that if I don't update a hacker may infect my PCs, but if I update I am 100% sure to get the PCs infected, so I prefer the first choice.
I do however give the PCs a WSUS disk from time to time. I think it is now time to stop updating Win7, because M$ will probably use the next half year's updates to make Win7 totally unusable. Total M$ control of any Win7 PC will probably be implemented within the next security only updates, and of course only to help the stupid users getting the new Windows zombie10 OS...

Re: Warning for users of the Security-Only patches!

PostPosted: 13.09.2019, 21:03
by Dalai
Pamela wrote:Are the security only patches multi-lingual?

Updates have been language-independent since Windows Vista.

Total M$ control of any Win7 PC will probably be implemented within the next security only updates, and of course only to help the stupid users getting the new Windows zombie10 OS...

Although I trust MS only as far as I can throw them, this is nonsense, at least the first part. There already is an update available on Windows Update that informs users of the end-of-life (EOL) of Win7 (and IIRC the upgrade options), meaning there's no need for MS to implement total control of anything. But everyone believes what they want to believe, so ... that's that.

Regards
Dalai