Microsoft Security Advisory 4022345
Identifying and correcting failure of Windows Update client to receive updates
Published: May 9, 2017 | Updated: May 12, 2017
Version: 1.3
Executive Summary
Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates. This scenario may affect customers who installed a Windows 10 or Windows Server 2016 operating system, and who have never interactively logged in to the system or connected to it through remote desktop services. These systems may not receive Windows updates until a user has completed initial setup by interactively logging in or by logging in through remote desktop services.
To address this scenario, Microsoft has released an update to the Windows Update Client through a self-healing mechanism in the Windows Update release channel to correct the Windows Update behavior for server operating systems that are not scanning for, or receiving, updates. After machines are un-stuck by this mechanism, all existing settings a system administrator has configured will be honored, and updates will not be forced on a machine that has been configured to disable Windows Updates.
This advisory provides guidance for customers to identify whether they are affected by this uncommon scenario and what, if any, actions they need to take to correct the behavior.
Advisory Details
Affected Software
The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.
**Client Operating Systems** |
Windows 10 for 32-bit Systems |
Windows 10 for x64-based Systems |
Windows 10 Version 1511 for 32-bit Systems |
Windows 10 Version 1511 for x64-based Systems |
Windows 10 Version 1607 for 32-bit Systems |
Windows 10 Version 1607 for x64-based Systems |
Windows 10 Version 1703 for 32-bit Systems |
Windows 10 Version 1703 for x64-based Systems |
**Server Operating Systems** |
Windows Server 2016 |
Windows Server 2016 (Server Core installation) |
Log into each machine
If you have a low number of possibly affected machines, the simplest way to ensure your machines are not in this state is to log into each machine. This can be an interactive logon, or a logon via remote desktop. You only need to do this once after the operating system is installed.
Other Information
Feedback
- You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.
Support
- Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
- Microsoft TechNet Security provides additional information about security in Microsoft products.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions
- V1.0 (May 9, 2017): Advisory published.
- V1.1 (May 10, 2017): Advisory updated to include Logon Type 2 Security Event Log entries. This is an informational change only.
- V1.2 (May11, 2017): Advisory updated to clarify the WSUS environment. This is an informational change only.
- V1.3 (May 17, 2017): Updated FAQ to clarify the update that needs to be installed: “the current cumulative update”. This is an informational change only.
Page generated 2017-05-17 10:48Z-07:00.