[German]On Tuesday, December 12, 2017 (Patchday), Microsoft released several security updates for Microsoft Office in addition to Windows updates. Here is the list of updates.

These updates apply only to the MSI Installer version of Microsoft Office. The click-n-run update history is available here and on this Microsoft site. An overview of all Office updates for the MSI Installer versions of Office can be found here. I derived the security updates below from this list. The non-safety relevant updates from December 2017 are listed in the blog article Microsoft Office Patchday (December 5, 2017).

The Office updates disables DDE (Dynamic Update Exchange Protocol) in all supported Microsoft Word versions. This is done for security reasons (ADV170021), see also Microsoft’s Security Advisory 4053440 (DDE vulnerability).

Microsoft Office 2016

• Office 2016: Description of the security update for Office 2016: December 12, 2017 (KB4011095)
• Word 2016: Description of the security update for Word 2016: December 12, 2017 (KB4011575)

Microsoft Office 2013

• Word 2013: Description of the security update for Word 2013: December 12, 2017 (KB4011590)

Microsoft Office 2010

• Office 2010: Description of the security update for Office 2010: December 12, 2017 (KB4011612)
• Word 2010: Description of the security update for Word 2010: December 12, 2017 (KB4011614)

Microsoft Office 2007

• Word 2007: Description of the security update for Word 2007: December 12, 2017 (KB4011608) 

SharePoint Server

SharePoint Server 2016

• SharePoint Server 2016: Description of the security update for SharePoint Server 2016: December 12, 2017 (KB4011576)
• SharePoint Enterprise Server 2016: December 12, 2017, update for SharePoint Enterprise Server 2016 (KB4011578)

SharePoint Server 2013, Project Server 2013, SharePoint Foundation 2013

• Office Web Apps Server 2013: December 12, 2017, update for Office Web Apps Server 2013 (KB4011587)
• Project Server 2013: December 12, 2017, update for Project Server 2013 (KB4011598)
• Project Server 2013: December 12, 2017, cumulative update for Project Server 2013 (KB4011589)
• SharePoint Enterprise Server 2013: December 12, 2017, update for SharePoint Enterprise Server 2013 (KB4011601)
• SharePoint Enterprise Server 2013: December 12, 2017, update for SharePoint Enterprise Server 2013 (KB4011582)
• SharePoint Foundation 2013: December 12, 2017, update for SharePoint Foundation 2013 (KB4011596)
• SharePoint Foundation 2013: December 12, 2017, cumulative update for SharePoint Foundation 2013 (KB4011588)
• SharePoint Server 2013: December 12, 2017, cumulative update for SharePoint Server 2013 (KB4011593)

Details on the respective updates can be found in the linked KB articles.

Similar articles:
Adobe released Flash Player 28.0.0.126
Windows 7: Fix broken Update (Error 0x80248015) 12/4/17
Windows 10: Updates KB4054022, KB4055237, KB4052342 (Nov. 30, 2017)
Microsoft Office Patchday (December 5, 2017)
Patchday: Updates for Windows 7/8.1 (December 12, 2017)
Patchday: Windows 10 Updates December 12, 2017

[German]This blog post shows, how to define compatibility lists for ActiveX components in Internet Explorer 11. This is mandatory to allow ActiveX component execution within the browser. This topic has been raised a few days ago during fixing the broken Windows 7 Update process.

Some background

On December 4, 2017, many Windows 7 SP1 (and Windows Server 2008 R2) users discovered that they could no longer check for updates. The update search stalls with error code 0x80248015. I’ve addressed this issue within my blog post Windows 7: Error 0x80248015 in Update Search (Dec. 4, 2017).

Later on Microsoft fixed the issue. But not all systems was able to load that fix. Therefore I wrote a second article Windows 7: Fix broken Update (Error 0x80248015) 12/4/17 explaining the steps to install Windows Update Vista Web Control in Windows 7 Internet Explorer 11. But downloading and installing Windows Update Vista Web Control isn’t sufficient. IE 11 blocks ActiveX controls,  until they are listed within a compatibility list. I wasn’t aware of this, because I didn’t received an error message in IE 11. That’s the reason, why I proposed to install Silverlight to recover missing update options. Shortly after publishing the German blog post, I received comments, that a Silverlight install isn’t necessary. It’s required to ‘add the the installed Windows Update Vista Web Control to the Internet Explorer 11 Compatibility View list’. Here are the details.

Adding Microsoft to Compatibility View settings

To make Microsoft’s ActiveX controls work, Microsoft.com needs to be registered as secure in the compatibility list of IE 11. Therefore I fired up Internet Explorer 11 on my Windows 7 machine and processed the steps given at this Microsoft article.

1. Open Internet Explorer 11 and click the Tools menu, then select the command Compatibility View settings.

2. Then type the website address microsoft.com into the textbox Add this website and add this URI to the list of Websites for Compatibility View using the Add button.

After Closing the window, the add in should be executable within Internet Explorer 11. In my case, the Windows Update window popped up, and started to search for pending update. So installing Silverlight to recover some missing update options hasn’t been not necessary (see Windows 7: Fix broken Update (Error 0x80248015). Perhaps this blog post helps others in similar cases.

Similar articles
Windows 7: Error 0x80248015 in Update Search (Dec. 4, 2017)
Windows 7: Fix broken Update (Error 0x80248015)
June 2017 security updates IE 11 printing issues confirmed
IE11 printing issues in Windows are fixed (June 2017)
Windows 10: IE 11 doesn’t show JPEG images
IE 11 security updates June/July 2016 are causing issues
Internet Explorer 11 crashes after installing updates?
November 2017: Patchday issues (WSUS, IE …)

[German]As part of the December patchday (12/12/2017), Microsoft has also issued a Microsoft Security Advisory Notification. It addresses the security settings for Active Directory Domain Services. And it’s discusses the DDE vulnerability when opening Office documents.

Microsoft Security Advisory 4056318 (AD)

This Security Advisory Notification addresses security settings for Active Directory Domain Services. Microsoft has published a document with the title Guidance for securing AD DS account used by Azure AD Connect for directory synchronization dealing with this topic.

Executive Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect  for directory synchronization. This advisory also provides guidance  on what on-premises AD administrators can do to ensure that the  account is properly secured.

– Originally posted: December 12, 2017
– Version: 1.0

Microsoft Security Advisory 4053440 (DDE)

This Security Advisory Notification addresses an issue during opening a Microsoft Office document containing Dynamic Data Exchange (DDE) fields. Microsoft released a document with the title Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields (first version was dated November 8, 2017) with some details. The document has been updated at December 12, 2017 to reflect the changes made from December 2017 security updated. I’ve covered the early version of this document within my blog post Microsoft’s Security Advisory 4053440 (DDE vulnerability). Microsoft writes now:

Reason for Revision: Microsoft has released an update for all supported editions of Microsoft Word that allows users to set the functionality of the DDE protocol based on their environment.

For more information and to download the update, see ADV170021.

– Originally posted: November 8, 2017
– Updated: December 12, 2017
– Version: 2.0

The reason for updating this document: Microsoft has released an update (ADV170021) that addresses the ability that ‘allows users to set the functionality of the DDE protocol based on their environment in all supported editions of Microsoft Word’. I’ve mentioned these changes within my blog post Patchday: MS Office security updates (December 12, 2017).

The Microsoft statement about ‘allows users to set the functionality of the DDE protocol based on their environment’ sounds great. But you should know: Microsoft’s security updates for Office from December 12, 2017 simply disable DDE. If this function is needed within an environment (because applications are based on it), an administrator has the ability to allow the DDE functionality again, adding some registry settings detailed within the blog post Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields.

Similar articles:
Microsoft’s Security Advisory 4053440 (DDE vulnerability)
Patchday: MS Office security updates (December 12, 2017)

[German]Microsoft has released further updates for Flash, Internet Explorer,  Windows Server, etc. on December 12, 2017. Here are some details about selected patches.

The complete overview of all updates from Microsoft can be found on this website. Some of the updates mentioned there are described in separate blog posts (see link list at the end of this article).

Security updates

The following security updates have been released.

• Cumulative Security Update for Internet Explorer (KB4052978)
• Security Update for Windows Server 2008 (KB4047170)
• Security Update for Windows Server 2008 (KB4052303)
• Security Update for Windows Server 2008 (KB4053473)
• Adobe Flash-Sicherheitsupdate (KB4053577)
• Security Monthly Quality Rollup for Windows Server 2012 (KB4054520)
• Security Only Quality Update for Windows Server 2012 (KB4054523)

Dynamic Updates for Windows 10

Microsoft has released some dynamic updates for Windows 10. Such updates are used during setup and recovery (see Windows 10: What are dynamic updates?).

• Dynamic Update for Windows Version 1709 (KB4055994)
• Dynamic Update for Windows Version 1709 (KB4056457)

Other Updates

• Time zone update for Windows  (KB4051956)
• Windows Malicious Software Removal Tool – December 2017 (KB890830)
• Security Only Update for .NET Framework 4 (KB4021915)

KB4021915 (June, 2017 Security Only Update for .NET Framework 4 on WES09 and POSReady 2009) is a revised update, only the meta data has been changed. This update doesn’t need to be re-installed.

Similar articles:
Adobe released Flash Player 28.0.0.126
Windows 7: Fix broken Update (Error 0x80248015) 12/4/17
Windows 10: Updates KB4054022, KB4055237, KB4052342 (Nov. 30, 2017)
Microsoft Office Patchday (December 5, 2017)
Patchday: Updates for Windows 7/8.1 (December 12, 2017)
Patchday: Windows 10 Updates December 12, 2017
Patchday: MS Office security updates (December 12, 2017)

A serious vulnerability in Apple’s HTML rendering engine WebKit also affects the iCloud client for Windows. Apple has now released a security update of the iCloud client to fix these vulnerabilities.

Windows users who also want to access their data in the Apple cloud will need iCloud for Windows. iCloud for Windows gives you access to photos, videos, emails, calendars, calendar, files and other important information from your iCloud account directly from your Windows PC.

(Quelle: Apple)

Due to memory error in the WebKit HTML rendering engine, Apple has released iCloud für Windows in Version 7.2. If you use iCloud for Windows (it’s available for Windows 7 and upward), install the update immediately. Vulnerabilities allow malicious code to be executed when accessing manipulated web content – see this Apple document. In addition, the update closes another APN gap that an attacker on the same network can use to track a user.

Similar articles:
Outlook Sept. patch day bug reviews (iCloud, VB-Script…)
Microsoft Outlook: Fix for iCloud Sync problem

[German]Surprisingly Microsoft has released another (reliability) update KB4058043 for Windows 10 Fall Creators Update on December 15, 2017. Here are some hints for this (reliability) update.

The regular December 2017 patchday for Windows was on December 12, 2017. It seems that Microsoft did not have fixed all issues with the latest cumulative update for Windows 10 V1709. Three days after regular patchday, on 15.12.2017, Microsoft released another reliability update KB4058043 for Windows 10 Fall Creators Update. A German blog reader left a comment about that update (thanks to schattenmensch for this tip). I started a test machine and the update was also offered to me.

Update KB4058043 for Windows 10 Fall Creators Update (Version 1709) has been documented by Microsoft. It’s a reliability update for Microsoft Store.

A reliability update for Microsoft Store

The background for this update: Microsoft says, that during app updates from store a failure could occur and the update process stalls. During updating apps, Windows 10 Fall Creators Update Store app also generate unnecessary network requests. Microsoft claims, that this update makes reliability improvements to Microsoft Store. And they wrote, that it fixes the issue that could cause app update failures and it fixed the unnecessary network requests generated from Microsoft Store app. Unfortunately the don’t tell us in detail, which app update error(code) has been fixed.

How to obtain Update KB4058043?

Update KB4058043 will be distributed and installed in Windows 10 Fall Creators Update automatically via Windows Update. A restart doesn’t seems to be necessary. I’ve checked Microsoft Update Catalog, but this package isn’t (yet) available. I can’t check, if update KB4058043 is available via WSUS / SCCM.

Are there known issues with Update KB4058043?

Microsoft isn’t aware of known issues. I can’t say, if there are issues. Currently my test machine installs this update. Seaching the web, I just found the Microsoft KB article and my own blog post. Similar updates for other Windows 10 builds are not released (as far as I know).

Similar articles:
Adobe released Flash Player 28.0.0.126
Windows 7: Fix broken Update (Error 0x80248015) 12/4/17
Windows 10: Updates KB4054022, KB4055237, KB4052342 (Nov. 30, 2017)
Microsoft Office Patchday (December 5, 2017)
Patchday: Updates for Windows 7/8.1 (December 12, 2017)
Patchday: Windows 10 Updates December 12, 2017
Patchday: MS Office security updates (December 12, 2017)
Microsoft December 2017-Patchday: Other updates

[German]It seems that Microsoft has bundled the Keeper password manager app within Windows 10 (Home and Pro). A security researcher found a vulnerability within the Keeper app, that allows web sites to stole passwords.

The bundles Keeper app

Microsoft ships a lot of (rubbish) preinstalled apps with Windows 10. That’s annoying, but not a real problem. But now, it seems, that Microsoft’s approach, to roll out (mostly unwanted) third party app to Windows 10 went terrible wrong. When installing Windows 10 from various Microsoft image files (the exact way this app was shipped) isn’t yet clear – I didn’t find the apps on my test systems – but some German blog reader confirmed the presence of the app) it seems, that the app Keeper was preinstalled. A user at reddit.com mentioned it also:

I just reinstalled Windows 10 today, and I was uninstalling all the bundled apps like usual, and I noticed that Keeper Password Manager is preinstalled now. I’ve never seen this come installed with Windows before.

And this isn’t a link to install it like some of the other apps, it’s actually installed and opens.

(Keeper-Passwort-Manager in Windows 10 – Source: reddit.com)

The case has been documented with the screen shot above. At reddit.com other users reported within the thread, that the app has been shipped with Windows 10 Home and with Windows 10 Pro. I guess Windows 10 Enterprise isn’t affected. One user wrote, that he has uninstalled the app 3 times, but it got re-installed again.

The Windows 10 Content Delivery Manager

At this time it’s not clear, whether the Keeper app was included within the Windows 10 install image or if it was installed afterward. At reddit.com somebody posted a link to this article. The author of this article observed an obscure behavior during upgrading to Windows 10 Anniversary Update. He wrote:

With the Windows 10 Anniversary Update, Microsoft added a new feature to the Content Delivery Manager, a component of the OS which is also used for Windows Spotlight and app suggestions.

It now appears to silently install new apps for you without asking for any kind of confirmation.

After I spotted a few new apps after upgrading to the Anniversary Update (not immediately, a few hours later), I decided to take a closer look at this.

The article explains how to block this Content Delivery Manager using registry settings.

Keeper app with a vulnerability

Google’s security researcher Tavis Ormandy also observed after installing a fresh copy of Windows 10, that suddenly the Keeper password manager app has been installed. He has documented this on December 14, 2017 here. Tavis wrote:

I recently created a fresh Windows 10 VM with a pristine image from MSDN, and found that a password manager called “Keeper” is now installed by default. I’m not the only person who has noticed this

[here was a link to the above linked reddit.com thread]:

I assume this is some bundling deal with Microsoft. I’ve heard of Keeper, I remember filing a bug a while ago about how they were injecting privileged UI into pages (issue 917). I checked and, they’re doing the same thing again with this version. I think I’m being generous considering this a new issue that qualifies for a ninety day disclosure, as I literally just changed the selectors and the same attack works.

Tavis remembered that Keeper have had a security problems in the past, because they are injecting privileged UI elmentes into web pages. He inspected the new Keeper password manager app, preinstalled in Windows 10, and found the same vulnerability. This is a complete compromise of Keeper security, allowing any website to steal any password. Tavis linked to the demo page keepertest, that phishes a Twitter account password.

Tavis Ormandy informed Keeper about the vulnerability, and the developers released immediately a fix (as you can read within the this Keeper blog post). Dan Goodin from Arstechnica wrote, that Windows 10 has been bundled and shipped for 8 day with this critical vulnerarbility. Due to the fact, that the Content Delivery Manager has been introduced since Anniversary Update, Woody Leonhard mentioned, that the (potential) risk occurs since 16 months.

I haven’t found the app on my test system – updated via Windows Insider program. But I haven’t downloaded MSDN ISO images yet. The question: Was somebody of you affected? I received feedback from German blog readers, who found Keeper on their Windows 10 system after upgrading to Fall Creators Update.

[English]Windows users sometimes running into error code 0x80248014 during an update. This can also occur during updating apps from the store, or when updating the virus scanners of Windows Defender or Microsoft Security Essentials.

What does error code 0x80248014 mean?

Recently I stumbled upon a thread in Microsoft Answers forum where update error 0x80248014 was addressed. The update error codes with the pattern 0x8024xxxx can be found in various lists (see my blog post Tip: Windows Update error code 0x8024xxxx list). Error code 0x80248014 stands for:

WU_E_DS_UNKNOWNSERVICE An operation did not complete because the service is not in the data store.

An attempt was made to call an unknown service that is not known in the data store. This could be caused by a broken update store, a damaged Windows or a foreign program such as antivirus software.

Try a complete Windows restart

To make sure that services that have not been crashed are the cause of the error, reboot Windows. To do this, select the Restart command while holding down the Shift key. This causes a complete restart, which takes you to Windows PE. From there you can reboot Windows. Compared to a normal reboot, this has the advantage that all drivers and services are reloaded.

Check Windows for damages

Make sure that no corrupted Windows is the cause of the update error. To do this, perform the check steps that I described in the blog post Check and repair Windows system files and component store. If no damages are found, but the error isn’t solved, try the next steps.

Reset Windows Update Store

Next, you can try to reset the Windows Update Store. This ensures that no corrupted update packages are the cause of the error. In the first step, you can try to do this with the fix for Windows Update (see my blog post Windows 10: New update troubleshooter app and site). You can also reset the Update Store manually, using the following steps.

1. Open an administrative command prompt window (type cmd into the taskbar’s search box and use the context menu Run as administrator to launch the search result).

2. Enter the following commands into the command prompt window.

net stop wuauserv
net stop cryptSvc
net stop bits

Then rename the following folder using the commands given below:

ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 Catroot2.old

The restart Windows and check, if the update error 0x80248014 during update search is gone.

What else can you do?

In some cases, installed software may be the cause of update errors in Windows Update, Windows Defender, or Windows Store. If a foreign virus scanner (or security suite) is installed, try uninstalling it. Then run the vendor-provided Clean Tool to remove any remaining installation residues.

Because it is repeatedly criticized – no, the system is not unprotected. Windows Defender has been included in the operating system as virus protection since Windows 8.

Some users ruin the ability to download apps from the store by using tuning and security tools (e. g. O&O Shutup). If one of the tools deactivates the Store, error 0x80248014 can also occur.

1. Launch registry editor regedit.exe with administrator rights (Run as Administrator).

2. Navigate to the following key and check the given entries. 

The registry key is:  

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore

If there is a DWORD value RemoveWindowsStore, check the value. If the value is set to 1, change it to 0 and reboot Windows.

If that doesn’t help, try a repair install using an Inplace Upgrade. This means launch Setup.exe from your Windows install image from a running Windows. The setup wizard offers an upgrade and installs Windows over the current Windows installation. This keeps files, settings and applications.

Similar articles
Win10 Wiki
Check and repair Windows system files and component store
Windows 10: New update troubleshooter app and site

How to decode Windows errors?
Windows 10: Analyze upgrade errors
Windows: How to decode update 0x8024…. errors

Uninstalling ‘uninstallable’ Windows Updates
How to block Windows 10 updates
Stop Windows from installing updates over and over again

[German]Microsoft’s Windows Hello authentication technology for Windows 10 isn’t foolproof. Two German security researcher has been able to successful bypass Windows Hello with a printout of an image.

Face recognition, which is integrated into Apple or Microsoft products, does not seem to be foolproof. Apple’s FaceID could be out tricked by twins or a special 3D-mask. Now it hits Microsoft, because Windows Hello was tricked out be security researchers. Windows Hello is a function for logging on to Windows 10 devices using fingerprint, face or iris recognition (see).

Spoofing attack against Hello

Within a research project, the IT security experts Matthias Deeg and Philipp Buchegger from German SySS GmbH have succeeded in tricking out the biometric authentication procedure Windows Hello Face Authentication with a spoofing attack. They are describing the attack, which allows an unauthorized access, within this blog post (German and English). The attack only requires a special paper printout with the face of an authorized person. The following prerequisites are specified:

• The face of the person was photographed frontal
• The photo of the person was taken in the near infrared range
• Brightness and contrast of the image have been changed (in a simple manner)
• The paper printout was created with a laser printer

According to both security researchers, such paper prints can be used to successfully circumvent Windows Hello Face Authentication. This has been achieved in different versions of Windows 10 with different hardware and software configurations. The table below shows the Windows 10 versions tested on a Dell Latitude with a LilBit USB Camera.

(Source: syss.de, click to zoom)

According to current knowledge, only the newer Windows 10 versions 1703 and 1709 with the “Enhanced Anti-Spoofing”functionality and corresponding hardware are not susceptible to the spoofing attack tested with a paper printout. The two security researchers intend to publish further results and details of their research project in Spring 2018. The following video demonstrates the attack.

(Source: YouTube)

Similar article:
Unsecure Password Manager app shipped with Windows 10

[German]Blog reader Karl (al Qamar) informed me a while ago about a problem with securiy updates for the Visual C++ runtime libraries (Redistributables). Here are his findings about the issues.

Some Background

Most programs require runtime libraries to run. In Visual C++, this is the redistributables (runtime libraries) that are installed with the respective application. Karl wrote:

Unfortunately MS has made a mistake to secure its runtime libraries aka C++ Runtimes, which are necessary for almost all programs. I myself only became aware of this issue around 2013.

The problem with VC++ runtime updates

If VC++Runtime libraries are updated by security updates, Windows will usually install them side-by-side. Karl writes:

Due to a conceptual error, the C++ Redists are installed side-by-side in most cases, i. e. old insecure Redist remains on the system (Clients and Servers).

Some words about Side-by-Side and WinSxS

Why runtime libraries have to be installed Side-by-Side is discussed within my blog post Windows 7/8.1/10: error side-by-side configuration is incorrect. In short: Runtime libraries are stored centrally so that applications do not have to install the same DLLs in program folders each time. You can save storage space by sharing the libraries.

The problem: If two applications use different versions of a runtime library, conflicts would arise if the last installed application simply overwrote the existing runtime files. Then a conflict occurs during the installation of the application, which was formerly known as “DLL hell”.

To avoid this problem, the Side by side configuration in the folder WinSxS (Windows component store) has been introduced. When an application is installed, the runtime libraries, DLLs, and possibly other resources are stored in a separate subfolder of the WinSxS folder. This prevents multiple files from interfering at the same time. More insides can be found in this blog post linked above.

Another problem: Windows Update and WSUS

Karl also points out some additional issues related to these security updates.

For unknown reasons, Microsoft provides the current versions of[the redistributables] for download (partially), but not all current versions also via WSUS or WU. This applies in particular to C++ 2008-2012.

If the updates are installed via WSUS or WU, this will lead in most cases to the above-mentioned side-by-side installation, since MS will only perform a version check in the MSI Installer with the introduction of C++ 2013.

Furthermore, the updates are considered 3rd party and by default the setting since Windows XP is that only Windows updates are installed, i. e. no other Microsoft updates that include the C++ Redists, Office Updates or SQL / Exchange Server updates. If this option is enabled, Office and driver updates are installed.

In part 2 I document the emails exchanged between Karl and the Microsoft Security Response Center (MSRC). Part 3 contains a FAQ and a solution.

Article series:
The problem with C++ Redists & 3rd Party security patches – I
The problem with C++ Redists & 3rd Party security patches – II
The problem with C++ Redists & 3rd Party security patches – III

Google’s Chrome developers has released a security update for this browser that changes the version to 63.0.3239.108. Here are a few details about this update.

Google Chrome is available for Linux, macOS and Windows. The latest security update to Google Chrome 63.0.3239.108 closes a cross-site scripting vulnerability. CVE-2017-15429 is reserved for this vulnerability, but doesn’t provides details.

Google’s Chrome developers rate the vulnerability as high. Google’s JavaScript engine V8 has two vulnerabilities. This enables Universal Cross Site Scripting (UXSS). Among other things, successful attacks allow malicious code to be executed on the victim’s system.

The security update is automatically distributed via browser update. There is no update available for the portable version I am using. 

[German]In part 1 of the article series I had published a note from blog reader Karl (al Qamar) about a problem related to security updates for the Visual C++ runtime libraries (redistributables). Part 2 deals with the e-mail correspondence between Karl and Microsoft.

Asking Microsoft

Karl decided to contact the folks at Microsoft Security Response Center (MSRC) and discuss his findings.

Dear Microsoft Security Team,

in my daily work I find dozens of installations of Windows, no matter which version, whether these are installations of private users or corporate using SCCM or WSUS.

Many Windows systems are still vulnerable and in my humble opinion not perfectly protected because a design flaw.

Mainly C++ Redists. Users will not get the latest C++ Redistributables via Windows Update and on nearly every system old vulnerable C++ Redist dll exist, as main or side-by-side installation.

There is a tool called Sereby All-in-One that will nearly* cleanly delete all C++ Redists and Side-by-Side installations and force installation of the latest one you provide on your Website only.

The current situation is that C++ Redists will only be patched in parts, not removing unpatched and vulnerable Side-By-Side installations.

Refer the attached screenshot how a clean and updated C++ Redist should look like on every Windows Client. I never had any issues to do so on hundreds of systems.

*because of a file version check in his script it happens that some outdated C++ Redists entries will remain in Programs and Features (now Apps and Features).

(Click to zoom)

But even if you clean up the runtime environment on the machines, there is a follow-up problem, which Karl addresses here:

Another problem arises here:

Even though if a system is successfully patched with the most C++ Redists and all other vulnerable versions have been purged, e.g. using All in One Runtime there is still a risk.

Developers tend to include (outdated) C++ Redists and overwrite newer C++ DLLs, some installers like Acrobat DC (classic branch) are so blatantly coded, that they even persist to have old unpatched C++ Redists installed otherwise the MSI installer will fail.

Also on Steam and other platforms many games will install outdated C++ Redists because only since C++ 2013 there are some countermeasures. But for C++ 2005, 2008, 2010, 2012 there are none.

Additionally I have seen many applications that provide their own outdated C++ Redists in the installation directory instead of using those installed in Windows.

This happens across nearly all applications and games around.

In short: Many applications bring their own, often obsolete Visual C++ runtime environments with them and install them in the program folder (instead of using the DLLs already present in Windows). Karl suggests that Microsoft take care of the issue:

It would be great if you can finally address these security issues and push out all C++ Redists to the systems and set rules to devs not to include and install their own C++ outdated redists, they will never ever care of again.

Uninstall all C++ redists and install the latest ones (currently not included in Microsoft Update Catalog, but only on MS Website). Currently WU / WSUS will not apply all security updates available for MS XML or all C++ Redists. I am sure you will get the point when comparing versions in my screenshot to the updates that will be applied via WU.

Secondly also many developers include DLLs like d3dcompiler_47.dll that have been recently patched. Developers don’t care to apply patches on their C++ Redists and Windows should force following:

These inconsistencies also exist for systems that will not be updated from MS XML 2.0 / 3.0 / 4.0 to MS XML 4.0 SP3.

This also affects usage of OpenSSL in the same way, but I see that is out of MS scope.

In the last few paragraphs of his mail Karl deals with the problem of the d3dcompiler_47.dll. This has had to be patched lately for security reasons. The installation of third-party software then causes unpatched variants of these DLLs to come back on the system.

What does Microsoft say about this?

Microsoft has responded via the MSRC team to Karl’s request with the following text:

Thank you for contacting the Microsoft Security Response Center (MSRC). What you’re reporting appears to be a security related bug/product suggestion.
To best resolve this issue please see the following two links:
“Microsoft Product Support Services”
<http://support.microsoft.com/common/international.aspx>
“Search Products accepting bugs or suggestions”
<http://support.microsoft.com/gp/contactbug/>
Thanks,
Tyler
MSRC

In short: This is not our problem – contact product support or submit it as a bug report under the given links.

Entry in the Feedback Hub

Karl told me afterwards about this entry in the Feedback Hub for Windows 10, where the topic can also be found.

In part 3 there is a solution approach and a FAQ that Karl put together.

Article series:
The problem with C++ Redists & 3rd Party security patches – I
The problem with C++ Redists & 3rd Party security patches – II
The problem with C++ Redists & 3rd Party security patches – III

[German]In parts 1 and 2 of the article series, I picked up a hint from blog reader Karl (al Qamar) about a problem related to security updates for the Visual C++ runtime libraries (redistributables). In part 3 I sketch another solution and publish a Q & A list of Karl on the topic.

The solution: All-In-One Runtime from third party vendors

To get out of the problem, you need a tool that uninstalls the old Visual C++ runtime libraries. Karl wrote:

There is a solution for this problem – the All in One Runtimes 2.4.x from Patrick Kuhnke.

It is recommended to restart the program, as redist-files will be replaced during restart if necessary.

This tool, which I also contributed to at a later date, uninstalls all outdated C++ Redists versions 2005, 2008, 2010, 2010, 2012, 2013 and 2015 and installs the current, currently released and secure versions.

The tool can then be used to install the old runtime environments de- and the current runtime environments. A short description can be found on the website www.sereby.org and here and here.

Questions & Answers (Q&A)

Q: Why should I update the C++ Redists at all, everything is running?

A: Because almost all programs running under Windows access it and are vulnerable to buffer overflows or other programmatic attacks.

Q: Some programs install old C++ Redists although a newer version already exists. Will that protect me?

A: No, MS has failed to provide effective protection against overwriting and side-by-side installations until C++ 2013. Unfortunately some programs do not use the Redists provided in Windows but keep them in their own program directory. But I wouldn’t go so far as to replace them. However, these components are not expected to be patched by the software vendor (similar to OpenSSL).

Q: Why is there even this side-by-side installation?

A: The idea was (some sources told me, which was not used effectively), to give the developers the opportunity to test new releases of the C++ Redists more easily for possible problems.

Q: Are there any problems when updating the old versions?

A: I’m not aware of any known issue related to the update itself.
Even antiquated medical programs, where programmers give little thought to such things, were still functional in productive environments. Even special software such as Datev or Adobe did not cause any interference. Extremely rarely problems can occur if the side-by-side store (WinSxS) is defective. But then the manual uninstallation and re-installation of the affected C++ Redists helped.

Q: Are there are separate redists for each C++ release?

A: Basically, yes. The C++ 2015 Redists have now been replaced by C++ 2017. But this is a novelty. 

Q: Why do we need old C++ 2005 Redists, if there are already C++ 2017 Redists available?

A: It’s like NET. NET 2.0-3.5 is required for old applications compiled with this framework.

While you can use. NET 4.0-4.7 together.  With the C++ Redists it is exactly the same, depending on which C++ Visual Studio was used to compile the application, you need the appropriate runtimes. 

Q: I always see in programs and features at least 2 entries, x86 and x64. Is that correct?

A: Yes, even if you are using an x64 bit OS, a program in question can still be compiled in 32bit (x86). 

Q: What do I do if there are several Redists with different versions?

A: Uninstall the old versions, or run the tool. If the tool leaves old version entries (can occur rarely), they should be uninstalled manually.

Q: On servers there are not only the Redists but also some other C++ runtimes. Is this the same?

A: No, these runtimes contain an extended range of functions and are much larger. Often with SQL Server or Exchange. However, the versioning principle is the same. 

Q: Why doesn’t MS manage the “chaos” itself? 

A: Good question! Although there has been a version check since 2013, it is still sometimes the case that C++ 2013 / 2015 will install, although a newer version is already installed.

Q: The following message appears during uninstallation: Error code 0x01

A: This is not bad, if the program does not find a version, for example, it will misinterpret the error level of the batch file. 

Q: What does a “correct” installation currently look like?

A: Here is the list of modules. 

(Click to zoom)

Article series:
The problem with C++ Redists & 3rd Party security patches – I
The problem with C++ Redists & 3rd Party security patches – II
The problem with C++ Redists & 3rd Party security patches – III

[German]Since upgrading to Windows 10 Case Creators Update, users facing an issue. LTE surf sticks like the Huawei E3372 or the Huawei E3372h-153, the Huawei E5573 etc. don’t work anymore.

Windows 10 V1709 kills modem connection

German blog reader Thomas B. has informed me about this issue via e-mail. Thomas wrote:

In Win10 there is an issue that has somehow remained unnoticed so far, although there are probably a lot of people who might be affected: since the Creators update, HUAWEI Surfsticks (e. g. the E3372h-153) don’t work anymore, or only if you manually change the adapter settings (what hardly anyone knows and what a normal user can’t do or doesn’t dare to do).

MS had promised a fix  in November and allegedly delivered it with the cumulative update of 30.11.2017, but the issued hasn’t been fixed.

At Microsoft Answers forum there is this thread, dealing with the same issue. On October 23, 2017 a user wrote:

Modem Dongle not Working On Windows 10 Fall Creators Update

When I upgraded to 1709 (16299.19) I couldn’t get my Huawei E3372 Modem to connect!

Before the upgrade I had no problem and with no drivers it could connect to the internet.

I have done everything that I think of, Unfortunately NO LUCK!

What is the solution?

Another user pointed out, that the issue shall be fixed by the November 2017 update, but that hasn’t worked.  One proposal is a downgrade to Windows 10 version 1703.

A workaround

Some affected user provided a workout posted by Huawei. The surf stick has a fixed IP address used to communicate with Windows 10. Obviously Windows 10 V1709 doesn’t manage to connect to the DHCP server provided by the surf stick’s firmware, to receive an IP address. The workaround consists of assigning a static IP address for the adapter and set the required communication parameters. First determine the IP address used by the modem (should be visible of the sticker.

Then assign the static IP address obtained from the stick to the network adapter of the surf stick.

1. Right click the network icon in task bar and select the context menu command to go to Network- and Internet settings.

2. In Networkconnection window double click Local Area connection x.

3. Click in property window of the network adapter Internet Protocol Version 4 (TCP/IPv4) and then the button Properties.

4. Enter the static IP addresses shown above into the property window.

Here are the values for “Remote NDIS based Internet Sharing Device”:

IP-Address: 192.168.1.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1

As DNS server you may also use Google’s 8.8.8.8 (see this thread). The the LTE modem should work in Windows 10 Fall Creators Update.

[German]User of Windows 10 Fall Creators Update (version 1709) may be experiencing installation problems with update KB4054517. Here is some information.

Update KB4054517 for Windows 10 (V1709)

Update KB4054517 has been released at December 12, 2017 during patchday. It’s a cumulative update, which I introduced within my blog post Patchday: Windows 10 Updates December 12, 2017. Within this blog pot I had already briefly mentioned some problems:

I found some posts within the Internet that the download hangs (here and here), the installation is aborted, or BlueScreens would appear after the installation. But this was single incidents. My recommendation would have been: uninstall third-party antivirus tools and run Windows Update troubleshooting as a fix. In this thread, some users report that they have problems with the installation of the simultaneous Defender update.

The cumulative update is automatically downloaded and installed via Windows Update. Alternatively, the whole thing can be taken from the Microsoft Update Catalog. The update was installed on my test machine without any problems.

But there are many users affected

Woody Leonhard had already pointed out the installation problems in this post a few days ago. Microsoft Answers has a long forum thread on this topic. Woody Leonhard published this article at Computer World. AskWoody reference to the solutions at Shimar, but I don’t really think this successful. But there are other explanations.

Because only part of it failed. Specifically some appx registration after everything else was done.

— Orange (@RhymesWthOrange) 14. Dezember 2017

Softpedia mentioned within this article the Tweet above, saying that the update are fails only partially.

Microsoft confirms the issues

Microsoft has become aware of the issues and added some additional known issue into KB article on update KB4054517:

• Update installation may stop at 99% and may show elevated CPU or disk utilization if a device was reset using the Reset this PC functionality after installing KB4054022.
• Windows Update History reports that KB4054517 failed to install because of Error 0x80070643.

Microsoft provides a workaround for the download hangs issue and an explanation for the 2nd issue. Microsoft is working on a resolution and will provide an update in an upcoming release.

[German]Owners of older Radeon graphics cards (HD 2000, HD 3000, HD 4000) are struggling with display issues since November 2017. Microsoft now released update KB4057291 on December 18, 2017, to fix the multi-monitor display issues in Windows 10 Creators Update (V1703) and Windows 10 Fall Creators Update (V1709).

The problem with Radeon graphic cards

At the end of November 2017 Microsoft had released a graphics driver “Advanced Micro Devices, Inc. – Display – 7/25/2017 12:00:00 AM – 22.19.128.0”. Owners of older Radeon graphics cards (Radeon HD 2000, Radeon HD 3000, Radeon HD 4000) had serious issues after installing this driver under Windows 10.

At Microsoft Answers there is a forum thread about that topic. The thread starter (from Microsoft) wrote:

An update was recently installed and now my AMD Radeon HD 3200 display adapter is not working as it did before. I’ve lost my preferred resolution option and the ability to use multiple monitors, and the adapter type is now reported as Microsoft Basic Display Driver. Any suggestions?

The preferred resolution was lost and only resolutions between 800 x 600, 1024 x 768 and 1280 x 1024 pixels could be selected. And it was no longer possible to use multiple monitors (among other things) because the outputs for the monitors were no longer correctly detected. Microsoft’s answer was, that  they knew the problem and were working on a solution.

We are aware of a problem that resulted in an incorrect driver update for some AMD Radeon HD 2000, 3000, and 4000 series adapters.

Also in AMD forum some affected uses left their comments. Woody Leonhard discussed this topic at Computer World.

A possible workaround should be to open the properties page of the graphics driver in Device Manager. Then, on the Drivers tab, select the button to return to the previous driver.

Update KB4057291 fixes this issue

On December 18, 2017 Microsoft released Update KB4057291 (Multi-monitor display and display resolution are not working for some AMD legacy cards) for Windows 10 Creators Update (V1703) and Windows 10 Fall Creators Update (V1709). The description contains the following details:

Multi-monitor display and display resolution are not working for some AMD legacy cards (for example, Radeon HD 2000, HD3000, and HD4000 series) that mistakenly receive driver 22.19.128.0.

This update will install a driver to restore multi-monitor display and resolution control capabilities.

The update is automatically distributed via Windows Update for the named versions of Windows 10. It is also downloadable from Microsoft Update Catalog.

[German]Some users of Windows 10 get a strange error message when trying to install Apple’s iCloud client. Windows says that that Media Feature Pack is missing. Here is some information about this issue.

German blog reader Matthias N. informed me about that issue that has been discussed within German Microsoft Answers-Forum. Here is an English discussion thread about that topic.

What’s the problem?

Owners of Windows 10 systems that are also uses Apple products has probably to install Apple’s iCloud. Some Windows 10 users occasionally are facing an installation abort with the message:

iCloud

Your computer is missing Media features. Please download Media Feature Pack from Microsoft website and install and try again.

This program obviously needs the media features of Windows that were not found on the affected system. The error dialog box gives specific instructions on how to proceed. But what’s the reason for the missing media features?

Reason 1: Windows 10 N version

The first reason why the above message may appear during iCloud installation is that a Windows 10 N (or KN) version is used. These variants were introduced by Microsoft under pressure from the EU Commission and from Korean government. Both SKUs doesn’t contain any media features or Windows Media Player (WMP).

If you have a Windows 10 N version, you can add the media functions via the Media Feature Pack. There is a separate package for each Windows 10 build. I have summarized what to know about within the following blog posts.

Media Feature Pack for Windows 10 N Version 1703
Media Feature Pack for Windows 10 N Version 1709

Reason 2: Media Features deactivated

If you don’t use a Windows 10 N variant, but still get the above error message during iCloud installation, you are facing a problem. The Media Feature Pack cannot be installed on such a platform – the functions are already included in the operating system.

This was the scenario mentioned within this Microsoft Answers forum thread. In this case, it is highly likely that the media features have been removed under Windows 10.

This case has been discussed within this Apple support page. Search in task bar’s search box for Windows Feature. Then check, if the Media Features (and Windows Media Player) are unchecked – check the item (see screenshot above).

Reason 3: Windows Media Player is missing

In some cases Windows Media Player (WMP) has been removed from Windows 10. I had addressed this topic within my blog post Windows 10 V1709: Update KB4046355 removes Windows Media Player. Microsoft has already erroneously removed the WMP from Windows 10.

Within my blog post, as well as in this Microsoft Answers forum post is described how to add the WMP via optional features again to the system.

Reason 4: Antivirus software blocks WMP

Within this Microsoft Answers forum post it wasn’t possible, to add WMP. Windows 10 refused to do that. Here is the German error message.

The user received error code 0x800F0821 when trying to add the WMP to Windows 10. The code indicates that the operation has been aborted. During the discussion within the thread, the antivirus solution has been uninstalled. Afterward it was possible to add the WMP and install the iCloud. In the concrete case, the Avira virus scanner was the culprit.

A Registry hack, to solve the situation

During writing this blog post I came across this post, which says that the request for media features is an outdated requirement from Windows 7. If none of the above fixes the issue, launch registry editor regedit.exe as administrator. Go to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Setup\WindowsFeatures\

and change the DWORD value WindowsMediaVersion a value of 1. If this entry is missing, add a new DWORD value WindowsMediaVersion. Then reinstall iCloud for Windows. Turn off all given options to install calendar, address book, etc. iCloud will automatically install all of your iCloud items.

Similar articles:
Security update for iCloud for Windows
Microsoft Outlook: Fix for iCloud Sync problem
Outlook Sept. patch day bug reviews (iCloud, VB-Script…)
Windows 10 V1709: Update KB4046355 removes Windows Media Player

[German]Windows 10 throw sometimes error codes of the type 0x8024xxxxxx when installing updates. Within this blog post I have summarized several of these error codes with the plain text error messages..

The error codes as well as the clear texts can be extracted from various error files of the Windows SDK and are partly documented by Microsoft on the web. The article here enlists a couple of additional error codes, for example. Microsoft divides the error codes in the update into several categories, depending on when the process failed

Windows Update Error Codes

Error codes 0x80240001 till 0x80240FFF

are reported when an update fails. Here are the error codes and clear text messages.

0x80240001 WU_E_NO_SERVICE Windows Update Agent was unable to provide the service.
0x80240002 WU_E_MAX_CAPACITY_REACHED The maximum capacity of the service was exceeded.
0x80240003 WU_E_UNKNOWN_ID An ID cannot be found.
0x80240004 WU_E_NOT_INITIALIZED The object could not be initialized.
0x80240005 WU_E_RANGEOVERLAP The update handler requested a byte range overlapping a previously requested range.
0x80240006 WU_E_TOOMANYRANGES The requested number of byte ranges exceeds the maximum number (2^31 - 1).
0x80240007 WU_E_INVALIDINDEX The index to a collection was invalid.
0x80240008 WU_E_ITEMNOTFOUND The key for the item queried could not be found.
0x80240009 WU_E_OPERATIONINPROGRESS Another conflicting operation was in progress. Some operations such as installation cannot be performed twice simultaneously.
0x8024000A WU_E_COULDNOTCANCEL Cancellation of the operation was not allowed.
0x8024000B WU_E_CALL_CANCELLED Operation was cancelled.
0x8024000C WU_E_NOOP No operation was required.
0x8024000D WU_E_XML_MISSINGDATA Windows Update Agent could not find required information in the update's XML data.
0x8024000E WU_E_XML_INVALID Windows Update Agent found invalid information in the update's XML data.
0x8024000F WU_E_CYCLE_DETECTED Circular update relationships were detected in the metadata.
0x80240010 WU_E_TOO_DEEP_RELATION Update relationships too deep to evaluate were evaluated.
0x80240011 WU_E_INVALID_RELATIONSHIP An invalid update relationship was detected.
0x80240012 WU_E_REG_VALUE_INVALID An invalid registry value was read.
0x80240013 WU_E_DUPLICATE_ITEM Operation tried to add a duplicate item to a list.
0x80240016 WU_E_INSTALL_NOT_ALLOWED Operation tried to install while another installation was in progress or the system was pending a mandatory restart.
0x80240017 WU_E_NOT_APPLICABLE Operation was not performed because there are no applicable updates.
0x80240018 WU_E_NO_USERTOKEN Operation failed because a required user token is missing.
0x80240019 WU_E_EXCLUSIVE_INSTALL_CONFLICT An exclusive update cannot be installed with other updates at the same time.
0x8024001A WU_E_POLICY_NOT_SET A policy value was not set.
0x8024001B WU_E_SELFUPDATE_IN_PROGRESS The operation could not be performed because the Windows Update Agent is self-updating.
0x8024001D WU_E_INVALID_UPDATE An update contains invalid metadata.
0x8024001E WU_E_SERVICE_STOP Operation did not complete because the service or system was being shut down.
0x8024001F WU_E_NO_CONNECTION Operation did not complete because the network connection was unavailable.
0x80240020 WU_E_NO_INTERACTIVE_USER Operation did not complete because there is no logged-on interactive user.
0x80240021 WU_E_TIME_OUT Operation did not complete because it timed out.
0x80240022 WU_E_ALL_UPDATES_FAILED Operation failed for all the updates.
0x80240023 WU_E_EULAS_DECLINED The license terms for all updates were declined.
0x80240024 WU_E_NO_UPDATE There are no updates.
0x80240025 WU_E_USER_ACCESS_DISABLED Group Policy settings prevented access to Windows Update.
0x80240026 WU_E_INVALID_UPDATE_TYPE The type of update is invalid.
0x80240027 WU_E_URL_TOO_LONG The URL exceeded the maximum length.
0x80240028 WU_E_UNINSTALL_NOT_ALLOWED The update could not be uninstalled because the request did not originate from a WSUS server.
0x80240029 WU_E_INVALID_PRODUCT_LICENSE Search may have missed some updates before there is an unlicensed application on the system.
0x8024002A WU_E_MISSING_HANDLER A component required to detect applicable updates was missing.
0x8024002B WU_E_LEGACYSERVER An operation did not complete because it requires a newer version of server.
0x8024002C WU_E_BIN_SOURCE_ABSENT A delta-compressed update could not be installed because it required the source.
0x8024002D WU_E_SOURCE_ABSENT A full-file update could not be installed because it required the source.
0x8024002E WU_E_WU_DISABLED Access to an unmanaged server is not allowed.
0x8024002F WU_E_CALL_CANCELLED_BY_POLICY Operation did not complete because the DisableWindowsUpdateAccess policy was set.
0x80240030 WU_E_INVALID_PROXY_SERVER The format of the proxy list was invalid.
0x80240031 WU_E_INVALID_FILE The file is in the wrong format.
0x80240032 WU_E_INVALID_CRITERIA The search criteria string was invalid.
0x80240033 WU_E_EULA_UNAVAILABLE License terms could not be downloaded.
0x80240034 WU_E_DOWNLOAD_FAILED Update failed to download.
0x80240035 WU_E_UPDATE_NOT_PROCESSED The update was not processed.
0x80240036 WU_E_INVALID_OPERATION The object's current state did not allow the operation.
0x80240037 WU_E_NOT_SUPPORTED The functionality for the operation is not supported.
0x80240038 WU_E_WINHTTP_INVALID_FILE The downloaded file has an unexpected content type.
0x80240039 WU_E_TOO_MANY_RESYNC Agent is asked by server to resync too many times.
0x80240040 WU_E_NO_SERVER_CORE_SUPPORT WUA API method does not run on Server Core installation.
0x80240041 WU_E_SYSPREP_IN_PROGRESS Service is not available while sysprep is running.
0x80240042 WU_E_UNKNOWN_SERVICE The update service is no longer registered with AU.
0x80240FFF WU_E_UNEXPECTED An operation failed due to reasons not covered by another error code.

Windows Installer minor errors

Error codes 0x80241001 till 0x80241FFF indicate that parts already failed during the search, because the Windows Installer is experiencing problems while other parts of the search were successful and reported a success.

0x80241001 WU_E_MSI_WRONG_VERSION Search may have missed some updates because the Windows Installer is less than version 3.1.
0x80241002 WU_E_MSI_NOT_CONFIGURED Search may have missed some updates because the Windows Installer is not configured.
0x80241003 WU_E_MSP_DISABLED Search may have missed some updates because policy has disabled Windows Installer patching.
0x80241004 WU_E_MSI_WRONG_APP_CONTEXT An update could not be applied because the application is installed per-user.
0x80241FFF WU_E_MSP_UNEXPECTED Search may have missed some updates because there was a failure of the Windows Installer.

Protocol talker error I

Microsoft has reserved a whole category of error codes of the type 0x80244xxx to display protocol errors (SOAPCLIENT_ERROR errors) in update communication with the update server (Source Atlsoap.h).

0x80244000 WU_E_PT_SOAPCLIENT_BASE WU_E_PT_SOAPCLIENT_* error codes map to the SOAPCLIENT_ERROR enum of the ATL Server Library.
0x80244001 WU_E_PT_SOAPCLIENT_INITIALIZE Same as SOAPCLIENT_INITIALIZE_ERROR - initialization of the SOAP client failed, possibly because of an MSXML installation failure.
0x80244002 WU_E_PT_SOAPCLIENT_OUTOFMEMORY Same as SOAPCLIENT_OUTOFMEMORY - SOAP client failed because it ran out of memory.
0x80244003 WU_E_PT_SOAPCLIENT_GENERATE Same as SOAPCLIENT_GENERATE_ERROR - SOAP client failed to generate the request.
0x80244004 WU_E_PT_SOAPCLIENT_CONNECT Same as SOAPCLIENT_CONNECT_ERROR - SOAP client failed to connect to the server.
0x80244005 WU_E_PT_SOAPCLIENT_SEND Same as SOAPCLIENT_SEND_ERROR - SOAP client failed to send a message for reasons of WU_E_WINHTTP_* error codes.
0x80244006 WU_E_PT_SOAPCLIENT_SERVER Same as SOAPCLIENT_SERVER_ERROR - SOAP client failed because there was a server error.
0x80244007 WU_E_PT_SOAPCLIENT_SOAPFAULT Same as SOAPCLIENT_SOAPFAULT - SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_* error codes.
0x80244008 WU_E_PT_SOAPCLIENT_PARSEFAULT Same as SOAPCLIENT_PARSEFAULT_ERROR - SOAP client failed to parse a SOAP fault.
0x80244009 WU_E_PT_SOAPCLIENT_READ Same as SOAPCLIENT_READ_ERROR - SOAP client failed while reading the response from the server.
0x8024400A WU_E_PT_SOAPCLIENT_PARSE Same as SOAPCLIENT_PARSE_ERROR - SOAP client failed to parse the response from the server.

Protocol talker error II

The error codes in the following list denote SOAP_ERROR_CODEs from Atlsoap.h that can occur when SOAPCLIENT_SOAPFAULT is returned.

0x8024400B WU_E_PT_SOAP_VERSION Same as SOAP_E_VERSION_MISMATCH - SOAP client found an unrecognizable namespace for the SOAP envelope.
0x8024400C WU_E_PT_SOAP_MUST_UNDERSTAND Same as SOAP_E_MUST_UNDERSTAND - SOAP client was unable to understand a header.
0x8024400D WU_E_PT_SOAP_CLIENT Same as SOAP_E_CLIENT - SOAP client found the message was malformed; fix before resending.
0x8024400E WU_E_PT_SOAP_SERVER Same as SOAP_E_SERVER - The SOAP message could not be processed due to a server error; resend later.
0x8024400F WU_E_PT_WMI_ERROR There was an unspecified Windows Management Instrumentation (WMI) error.
0x80244010 WU_E_PT_EXCEEDED_MAX_SERVER_TRIPS The number of round trips to the server exceeded the maximum limit.
0x80244011 WU_E_PT_SUS_SERVER_NOT_SET WUServer policy value is missing in the registry.
0x80244012 WU_E_PT_DOUBLE_INITIALIZATION Initialization failed because the object was already initialized.
0x80244013 WU_E_PT_INVALID_COMPUTER_NAME The computer name could not be determined.
0x80244014 WU_E_PT_INVALID_COMPUTER_LSID Cannot determine computer LSID.
0x80244015 WU_E_PT_REFRESH_CACHE_REQUIRED The reply from the server indicates that the server was changed or the cookie was invalid; refresh the state of the internal cache and retry.
0x80244016 WU_E_PT_HTTP_STATUS_BAD_REQUEST Same as HTTP status 400 - the server could not process the request due to invalid syntax.
0x80244017 WU_E_PT_HTTP_STATUS_DENIED Same as HTTP status 401 - the requested resource requires user authentication.
0x80244018 WU_E_PT_HTTP_STATUS_FORBIDDEN Same as HTTP status 403 - server understood the request, but declined to fulfill it.
0x80244019 WU_E_PT_HTTP_STATUS_NOT_FOUND Same as HTTP status 404 - the server cannot find the requested URI (Uniform Resource Identifier)
0x8024401A WU_E_PT_HTTP_STATUS_BAD_METHOD Same as HTTP status 405 - the HTTP method is not allowed.
0x8024401B WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ Same as HTTP status 407 - proxy authentication is required.
0x8024401C WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT Same as HTTP status 408 - the server timed out waiting for the request.
0x8024401D WU_E_PT_HTTP_STATUS_CONFLICT Same as HTTP status 409 - the request was not completed due to a conflict with the current state of the resource.
0x8024401E WU_E_PT_HTTP_STATUS_GONE Same as HTTP status 410 - requested resource is no longer available at the server.
0x8024401F WU_E_PT_HTTP_STATUS_SERVER_ERROR Same as HTTP status 500 - an error internal to the server prevented fulfilling the request.
0x80244020 WU_E_PT_HTTP_STATUS_NOT_SUPPORTED Same as HTTP status 500 - server does not support the functionality required to fulfill the request.
0x80244021 WU_E_PT_HTTP_STATUS_BAD_GATEWAY Same as HTTP status 502 - the server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.
0x80244022 WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL Same as HTTP status 503 - the service is temporarily overloaded.
0x80244023 WU_E_PT_HTTP_STATUS_GATEWAY_TIMEOUT Same as HTTP status 503 - the request was timed out waiting for a gateway.
0x80244024 WU_E_PT_HTTP_STATUS_VERSION_NOT_SUP Same as HTTP status 505 - the server does not support the HTTP protocol version used for the request.
0x80244025 WU_E_PT_FILE_LOCATIONS_CHANGED Operation failed due to a changed file location; refresh internal state and resend.
0x80244026 WU_E_PT_REGISTRATION_NOT_SUPPORTED Operation failed because Windows Update Agent does not support registration with a non-WSUS server.
0x80244027 WU_E_PT_NO_AUTH_PLUGINS_REQUESTED The server returned an empty authentication information list.
0x80244028 WU_E_PT_NO_AUTH_COOKIES_CREATED Windows Update Agent was unable to create any valid authentication cookies.
0x80244029 WU_E_PT_INVALID_CONFIG_PROP A configuration property value was wrong.
0x8024402A WU_E_PT_CONFIG_PROP_MISSING A configuration property value was missing.
0x8024402B WU_E_PT_HTTP_STATUS_NOT_MAPPED The HTTP request could not be completed and the reason did not correspond to any of the WU_E_PT_HTTP_* error codes.
0x8024402C WU_E_PT_WINHTTP_NAME_NOT_RESOLVED Same as ERROR_WINHTTP_NAME_NOT_RESOLVED - the proxy server or target server name cannot be resolved.
0x8024502D WU_E_PT_SAME_REDIR_ID Windows Update Agent failed to download a redirector cabinet file with a new redirectorId value from the server during the recovery.
0x8024502E WU_E_PT_NO_MANAGED_RECOVER A redirector recovery action did not complete because the server is managed.
0x8024402F WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS External cab file processing completed with some errors.
0x80244030 WU_E_PT_ECP_INIT_FAILED The external cab processor initialization did not complete.
0x80244031 WU_E_PT_ECP_INVALID_FILE_FORMAT The format of a metadata file was invalid.
0x80244032 WU_E_PT_ECP_INVALID_METADATA External cab processor found invalid metadata.
0x80244033 WU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST The file digest could not be extracted from an external cab file.
0x80244034 WU_E_PT_ECP_FAILURE_TO_DECOMPRESS_CAB_FILE An external cab file could not be decompressed.
0x80244035 WU_E_PT_ECP_FILE_LOCATION_ERROR External cab processor was unable to get file locations.
0x80244FFF WU_E_PT_UNEXPECTED A communication error not covered by another WU_E_PT_* error code.

Redirector error

The redirector components that download and parse Wuredir.cab may reports the following error codes.

0x80245001 WU_E_REDIRECTOR_LOAD_XML The redirector XML document could not be loaded into the DOM class.
0x80245002 WU_E_REDIRECTOR_S_FALSE The redirector XML document is missing some required information.
0x80245003 WU_E_REDIRECTOR_ID_SMALLER The redirectorId in the downloaded redirector cab is less than in the cached cab.
0x80245FFF WU_E_REDIRECTOR_UNEXPECTED The redirector failed for reasons not covered by another WU_E_REDIRECTOR_* error code.

Driver util error

The PnP device in question is removed from the list of Plug-n-Play devices (enumerated device) because one of the hardware IDs or Compatible IDs matches the IDs of an installed printer driver. This is not a fatal error and the device is simply skipped.

0x8024C001 WU_E_DRV_PRUNED A driver was skipped.
0x8024C002 WU_E_DRV_NOPROP_OR_LEGACY A property for the driver could not be found. It may not conform with required specifications.
0x8024C003 WU_E_DRV_REG_MISMATCH The registry type read for the driver does not match the expected type.
0x8024C004 WU_E_DRV_NO_METADATA The driver update is missing metadata.
0x8024C005 WU_E_DRV_MISSING_ATTRIBUTE The driver update is missing a required attribute.
0x8024C006 WU_E_DRV_SYNC_FAILED Driver synchronization failed.
0x8024C007 WU_E_DRV_NO_PRINTER_CONTENT Information required for the synchronization of applicable printers is missing.
0x8024CFFF WU_E_DRV_UNEXPECTED A driver error not covered by another WU_E_DRV_* code.

Data store error

These codes addresses Data store errors.

0x80248000 WU_E_DS_SHUTDOWN An operation failed because Windows Update Agent is shutting down.
0x80248001 WU_E_DS_INUSE An operation failed because the data store was in use.
0x80248002 WU_E_DS_INVALID The current and expected states of the data store do not match.
0x80248003 WU_E_DS_TABLEMISSING The data store is missing a table.
0x80248004 WU_E_DS_TABLEINCORRECT The data store contains a table with unexpected columns.
0x80248005 WU_E_DS_INVALIDTABLENAME A table could not be opened because the table is not in the data store.
0x80248006 WU_E_DS_BADVERSION The current and expected versions of the data store do not match.
0x80248007 WU_E_DS_NODATA The information requested is not in the data store.
0x80248008 WU_E_DS_MISSINGDATA The data store is missing required information or has a NULL in a table column that requires a non-null value.
0x80248009 WU_E_DS_MISSINGREF The data store is missing required information or has a reference to missing license terms, file, localized property or linked row.
0x8024800A WU_E_DS_UNKNOWNHANDLER The update was not processed because its update handler could not be recognized.
0x8024800B WU_E_DS_CANTDELETE The update was not deleted because it is still referenced by one or more services.
0x8024800C WU_E_DS_LOCKTIMEOUTEXPIRED The data store section could not be locked within the allotted time.
0x8024800D WU_E_DS_NOCATEGORIES The category was not added because it contains no parent categories and is not a top-level category itself.
0x8024800E WU_E_DS_ROWEXISTS The row was not added because an existing row has the same primary key.
0x8024800F WU_E_DS_STOREFILELOCKED The data store could not be initialized because it was locked by another process.
0x80248010 WU_E_DS_CANNOTREGISTER The data store is not allowed to be registered with COM in the current process.
0x80248011 WU_E_DS_UNABLETOSTART Could not create a data store object in another process.
0x80248013 WU_E_DS_DUPLICATEUPDATEID The server sent the same update to the client with two different revision IDs.
0x80248014 WU_E_DS_UNKNOWNSERVICE An operation did not complete because the service is not in the data store.
0x80248015 WU_E_DS_SERVICEEXPIRED An operation did not complete because the registration of the service has expired.
0x80248016 WU_E_DS_DECLINENOTALLOWED A request to hide an update was declined because it is a mandatory update or because it was deployed with a deadline.
0x80248017 WU_E_DS_TABLESESSIONMISMATCH A table was not closed because it is not associated with the session.
0x80248018 WU_E_DS_SESSIONLOCKMISMATCH A table was not closed because it is not associated with the session.
0x80248019 WU_E_DS_NEEDWINDOWSSERVICE A request to remove the Windows Update service or to unregister it with Automatic Updates was declined because it is a built-in service and/or Automatic Updates cannot fall back to another service.
0x8024801A WU_E_DS_INVALIDOPERATION A request was declined because the operation is not allowed.
0x8024801B WU_E_DS_SCHEMAMISMATCH The schema of the current data store and the schema of a table in a backup XML document do not match.
0x8024801C WU_E_DS_RESETREQUIRED The data store requires a session reset; release the session and retry with a new session.
0x8024801D WU_E_DS_IMPERSONATED A data store operation did not complete because it was requested with an impersonated identity.
0x80248FFF WU_E_DS_UNEXPECTED A data store error not covered by another WU_E_DS_* code.

Inventory error

Error codes related to inventory.

0x80249001 WU_E_INVENTORY_PARSEFAILED Parsing of the rule file failed.
0x80249002 WU_E_INVENTORY_GET_INVENTORY_TYPE_FAILED Failed to get the requested inventory type from the server.
0x80249003 WU_E_INVENTORY_RESULT_UPLOAD_FAILED Failed to upload inventory result to the server.
0x80249004 WU_E_INVENTORY_UNEXPECTED There was an inventory error not covered by another error code.
0x80249005 WU_E_INVENTORY_WMI_ERROR A WMI error occurred when enumerating the instances for a particular class.

AU error

Error codes related to Automatic Update (AU).

0x8024A000 WU_E_AU_NOSERVICE Automatic Updates was unable to service incoming requests.
0x8024A002 WU_E_AU_NONLEGACYSERVER The old version of the Automatic Updates client has stopped because the WSUS server has been upgraded.
0x8024A003 WU_E_AU_LEGACYCLIENTDISABLED The old version of the Automatic Updates client was disabled.
0x8024A004 WU_E_AU_PAUSED Automatic Updates was unable to process incoming requests because it was paused.
0x8024A005 WU_E_AU_NO_REGISTERED_SERVICE No unmanaged service is registered with AU.
0x8024AFFF WU_E_AU_UNEXPECTED An Automatic Updates error not covered by another WU_E_AU * code.

Update handler error

These error codes are reported from update handler in Windows client.

0x80242000 WU_E_UH_REMOTEUNAVAILABLE A request for a remote update handler could not be completed because no remote process is available.
0x80242001 WU_E_UH_LOCALONLY A request for a remote update handler could not be completed because the handler is local only.
0x80242002 WU_E_UH_UNKNOWNHANDLER A request for an update handler could not be completed because the handler could not be recognized.
0x80242003 WU_E_UH_REMOTEALREADYACTIVE A remote update handler could not be created because one already exists.
0x80242004 WU_E_UH_DOESNOTSUPPORTACTION A request for the handler to install (uninstall) an update could not be completed because the update does not support install (uninstall).
0x80242005 WU_E_UH_WRONGHANDLER An operation did not complete because the wrong handler was specified.
0x80242006 WU_E_UH_INVALIDMETADATA A handler operation could not be completed because the update contains invalid metadata.
0x80242007 WU_E_UH_INSTALLERHUNG An operation could not be completed because the installer exceeded the time limit.
0x80242008 WU_E_UH_OPERATIONCANCELLED An operation being done by the update handler was cancelled.
0x80242009 WU_E_UH_BADHANDLERXML An operation could not be completed because the handler-specific metadata is invalid.
0x8024200A WU_E_UH_CANREQUIREINPUT A request to the handler to install an update could not be completed because the update requires user input.
0x8024200B WU_E_UH_INSTALLERFAILURE The installer failed to install (uninstall) one or more updates.
0x8024200C WU_E_UH_FALLBACKTOSELFCONTAINED The update handler should download self-contained content rather than delta-compressed content for the update.
0x8024200D WU_E_UH_NEEDANOTHERDOWNLOAD The update handler did not install the update because it needs to be downloaded again.
0x8024200E WU_E_UH_NOTIFYFAILURE The update handler failed to send notification of the status of the install (uninstall) operation.
0x8024200F WU_E_UH_INCONSISTENT_FILE_NAMES The file names contained in the update metadata and in the update package are inconsistent.
0x80242010 WU_E_UH_FALLBACKERROR The update handler failed to fall back to the self-contained content.
0x80242011 WU_E_UH_TOOMANYDOWNLOADREQUESTS The update handler has exceeded the maximum number of download requests.
0x80242012 WU_E_UH_UNEXPECTEDCBSRESPONSE The update handler has received an unexpected response from CBS.
0x80242013 WU_E_UH_BADCBSPACKAGEID The update metadata contains an invalid CBS package identifier.
0x80242014 WU_E_UH_POSTREBOOTSTILLPENDING The post-reboot operation for the update is still in progress.
0x80242015 WU_E_UH_POSTREBOOTRESULTUNKNOWN The result of the post-reboot operation for the update could not be determined.
0x80242016 WU_E_UH_POSTREBOOTUNEXPECTEDSTATE The state of the update after its post-reboot operation has completed is unexpected.
0x80242017 WU_E_UH_NEW_SERVICING_STACK_REQUIRED The OS servicing stack must be updated before this update is downloaded or installed.
0x80242FFF WU_E_UH_UNEXPECTED An update handler error not covered by another WU_E_UH_* code.

Download Manager error

Error codes reported from Download-.

0x80246001 WU_E_DM_URLNOTAVAILABLE A download manager operation could not be completed because the requested file does not have a URL.
0x80246002 WU_E_DM_INCORRECTFILEHASH A download manager operation could not be completed because the file digest was not recognized.
0x80246003 WU_E_DM_UNKNOWNALGORITHM A download manager operation could not be completed because the file metadata requested an unrecognized hash algorithm.
0x80246004 WU_E_DM_NEEDDOWNLOADREQUEST An operation could not be completed because a download request is required from the download handler.
0x80246005 WU_E_DM_NONETWORK A download manager operation could not be completed because the network connection was unavailable.
0x80246006 WU_E_DM_WRONGBITSVERSION A download manager operation could not be completed because the version of Background Intelligent Transfer Service (BITS) is incompatible.
0x80246007 WU_E_DM_NOTDOWNLOADED The update has not been downloaded.
0x80246008 WU_E_DM_FAILTOCONNECTTOBITS A download manager operation failed because the download manager was unable to connect the Background Intelligent Transfer Service (BITS).
0x80246009 WU_E_DM_BITSTRANSFERERROR A download manager operation failed because there was an unspecified Background Intelligent Transfer Service (BITS) transfer error.
0x8024600A WU_E_DM_DOWNLOADLOCATIONCHANGED A download must be restarted because the location of the source of the download has changed.
0x8024600B WU_E_DM_CONTENTCHANGED A download must be restarted because the update content changed in a new revision.
0x80246FFF WU_E_DM_UNEXPECTED There was a download manager error not covered by another WU_E_DM_* error code.

Setup and SelfUpdate error

Errors during setup and update of update client.

0x8024D001 WU_E_SETUP_INVALID_INFDATA Windows Update Agent could not be updated because an INF file contains invalid information.
0x8024D002 WU_E_SETUP_INVALID_IDENTDATA Windows Update Agent could not be updated because the wuident.cab file contains invalid information.
0x8024D003 WU_E_SETUP_ALREADY_INITIALIZED Windows Update Agent could not be updated because of an internal error that caused setup initialization to be performed twice.
0x8024D004 WU_E_SETUP_NOT_INITIALIZED Windows Update Agent could not be updated because setup initialization never completed successfully.
0x8024D005 WU_E_SETUP_SOURCE_VERSION_MISMATCH Windows Update Agent could not be updated because the versions specified in the INF do not match the actual source file versions.
0x8024D006 WU_E_SETUP_TARGET_VERSION_GREATER Windows Update Agent could not be updated because a WUA file on the target system is newer than the corresponding source file.
0x8024D007 WU_E_SETUP_REGISTRATION_FAILED Windows Update Agent could not be updated because regsvr32.exe returned an error.
0x8024D008 WU_E_SELFUPDATE_SKIP_ON_FAILURE An update to the Windows Update Agent was skipped because previous attempts to update have failed.
0x8024D009 WU_E_SETUP_SKIP_UPDATE An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file.
0x8024D00A WU_E_SETUP_UNSUPPORTED_CONFIGURATION Windows Update Agent could not be updated because the current system configuration is not supported.
0x8024D00B WU_E_SETUP_BLOCKED_CONFIGURATION Windows Update Agent could not be updated because the system is configured to block the update.
0x8024D00C WU_E_SETUP_REBOOT_TO_FIX Windows Update Agent could not be updated because a restart of the system is required.
0x8024D00D WU_E_SETUP_ALREADYRUNNING Windows Update Agent setup is already running.
0x8024D00E WU_E_SETUP_REBOOTREQUIRED Windows Update Agent setup package requires a reboot to complete installation.
0x8024D00F WU_E_SETUP_HANDLER_EXEC_FAILURE Windows Update Agent could not be updated because the setup handler failed during execution.
0x8024D010 WU_E_SETUP_INVALID_REGISTRY_DATA Windows Update Agent could not be updated because the registry contains invalid information.
0x8024D011 WU_E_SELFUPDATE_REQUIRED Windows Update Agent must be updated before search can continue.
0x8024D012 WU_E_SELFUPDATE_REQUIRED_ADMIN Windows Update Agent must be updated before search can continue. An administrator is required to perform the operation.
0x8024D013 WU_E_SETUP_WRONG_SERVER_VERSION Windows Update Agent could not be updated because the server does not contain update information for this version.
0x8024DFFF WU_E_SETUP_UNEXPECTED Windows Update Agent could not be updated because of an error not covered by another WU_E_SETUP_* error code.

Expression Evaluator error

Error reported by expression evaluator.

0x8024E001 WU_E_EE_UNKNOWN_EXPRESSION An expression evaluator operation could not be completed because an expression was unrecognized.
0x8024E002 WU_E_EE_INVALID_EXPRESSION An expression evaluator operation could not be completed because an expression was invalid.
0x8024E003 WU_E_EE_MISSING_METADATA An expression evaluator operation could not be completed because an expression contains an incorrect number of metadata nodes.
0x8024E004 WU_E_EE_INVALID_VERSION An expression evaluator operation could not be completed because the version of the serialized expression data is invalid.
0x8024E005 WU_E_EE_NOT_INITIALIZED The expression evaluator could not be initialized.
0x8024E006 WU_E_EE_INVALID_ATTRIBUTEDATA An expression evaluator operation could not be completed because there was an invalid attribute.
0x8024E007 WU_E_EE_CLUSTER_ERROR An expression evaluator operation could not be completed because the cluster state of the computer could not be determined.
0x8024EFFF WU_E_EE_UNEXPECTED There was an expression evaluator error not covered by another WU_E_EE_* error code.

UI error

Error codes reported from User Interface UI of update client.

0x80243001 WU_E_INSTALLATION_RESULTS_UNKNOWN_VERSION The results of download and installation could not be read from the registry due to an unrecognized data format version.
0x80243002 WU_E_INSTALLATION_RESULTS_INVALID_DATA The results of download and installation could not be read from the registry due to an invalid data format.
0x80243003 WU_E_INSTALLATION_RESULTS_NOT_FOUND The results of download and installation are not available; the operation may have failed to start.
0x80243004 WU_E_TRAYICON_FAILURE A failure occurred when trying to create an icon in the taskbar notification area.
0x80243FFD WU_E_NON_UI_MODE Unable to show UI when in non-UI mode; WU client UI modules may not be installed.
0x80243FFE WU_E_WUCLTUI_UNSUPPORTED_VERSION Unsupported version of WU client UI exported functions.
0x80243FFF WU_E_AUCLIENT_UNEXPECTED There was a user interface error not covered by another WU_E_AUCLIENT_* error code.

Reporter error

Errors during reporting.

0x8024F001 WU_E_REPORTER_EVENTCACHECORRUPT The event cache file was defective.
0x8024F002 WU_E_REPORTER_EVENTNAMESPACEPARSEFAILED The XML in the event namespace descriptor could not be parsed.
0x8024F003 WU_E_INVALID_EVENT The XML in the event namespace descriptor could not be parsed.
0x8024F004 WU_E_SERVER_BUSY The server rejected an event because the server was too busy.
0x8024FFFF WU_E_REPORTER_UNEXPECTED There was a reporter error not covered by another error code.
0x80247001 WU_E_OL_INVALID_SCANFILE An operation could not be completed because the scan package was invalid.
0x80247002 WU_E_OL_NEWCLIENT_REQUIRED An operation could not be completed because the scan package requires a greater version of the Windows Update Agent.
0x80247FFF WU_E_OL_UNEXPECTED Search using the scan package failed.

Note, that Microsoft may extend this error code list. This list is dated January 2017.

Similar articles
How to decode Windows errors?
Windows 10: Analyze upgrade errors
Windows: How to decode update 0x8024…. errors

[German]Microsoft offers the Windows 10 Upgrade Assistant, which allows you to upgrade a system running Windows 7/8.1 to Windows 10. Now a new bug let the upgrade wizard fail due to a api-ms-win-core-libraryloader-l1-1-1. dll. Here is a fix.

The Windows 10 Upgrade Assistant allows you to upgrade a Windows 7/8.1 installation to Windows 10 and is described here at Microsoft. This possibility of a (free) upgrade should expire on 31.12.2017. Now blog reader Karl has reported a new problem with Windows 10 Upgrade Assistant.

There is a brand-new[ error] in the Windows 10 upgrade assistant which is officially terminates on 31.12.

Took me a few hours to find the solution. At the beginning of December the wizard still works. Now since mid-December the assistant stalls with an error. Also the Assistant’s GUI is now mixed between English and German.

api-ms-win-core-libraryloader-l1-1-1.dll missing

Searching the web for ‘api-ms-win-core-libraryloader-l1-1-1.dll is missing’ results in several hits from mid of December 2017. At Microsoft Answers there is a thread from December 19, 2017, dealing with this issue:

the program can’t start because api-ms-win-core-libraryloader-l1-1-1.ddl is missing from your computer. Try reinstalling the program to fix this problem.

There are a number of people reporting the same problem. The Upgrade Assistant has not been in working since mid-December 2017. At reddit.com, someone posted a solution.

1. Terminate the Windows 10 Upgrade Assistant (close the error dialog).

2. Open file explorer and go to folder C:\Windows\System32\ and right click the file wimgapi.dll and select the context menu command Copy.

3. Then navigate in Explorer to the folder C:\Windows10Upgrade\ and paste the file (right click in folder without selecting any files and select the context menu command Paste).

Choose to overwrite the existing file on the option box that pops up. Rerun the Windows 10 Upgrade software to continue upgrading.The solution has been also presented at YouTube: How to fix api-ms-win-core-libraryloader-l1-1-1.dll is missing while upgrading to Windows 10.

[German]Some Windows 10 users are facing error 0x80244018 during installing an update or a feature upgrade. Here are a few details, what this error means and how to fix it. 

What does error 0x80244018 means?

I stumbled recently upon this error code 0x80244018. A user has reported this issue within German MS Answers forum. According to my blog post Windows 10: Update errors 0x8024xxxx detailed error code 0x80244018 stands for:

WU_E_PT_HTTP_STATUS_FORBIDDEN

Same as HTTP status 403 – server understood the request, but declined to fulfill it.

This means, the HTTP request couldn’t be solved. This is mostly caused by installed third party tools, that are hooked into internet communication.

Uninstall your antivirus software

The best recommendation is to uninstall third party antivirus software and run a clean tool from this vendor to remove installed filed. If a VPN software is installed, try to un-install this software. Then reboot the machine and try to install the update again. Within the MS Answers forum thread mentioned above, deactivating Avira Security Suite was sufficient to solve the issue.

Similar articles
Win10 Wiki
How to decode Windows errors?
Windows 10: Analyze upgrade errors
Windows 10: Update errors 0x8024xxxx detailed