3rd Party Patching through Ninite

·         Download your NinitePro executable

https://ninite.com/ninitepro.exe

·         Upload the executable to somewhere you can download it from automatically (ex. Dropbox)

·         Use a procedure (ex. writefile) to get the executable down to the endpoint, maybe the temp folder.

·         Then use an execute file with something like this as the parameter to the executable:  /select Chrome Dropbox Firefox Flash "Flash (IE)" Java "Java 7" "Java x64" "Java x64 7" Air CutePDF Evernote Reader Silverlight Shockwave "Citrix Receiver" /updateonly /disableautoupdate /disableshortcuts /silent 

Diagnosing and fixing servicing corruption

https://technet.microsoft.com/en-us/library/ee619779(v=ws.10).aspx
http://solution4techgeeks.blogspot.in/2015/06/how-to-fix-csi-payload-file-missing.html

Windows Update taking long to check/scan for updates

Install the update rollup provided below after clean boot

https://support.microsoft.com/en-us/kb/3161608

Post installation reboot the machine and try running check for updates.

80244019

Error Code 80244019

To resolve this problem, follow these steps: 

1. Stop Windows Update service 
2. Rename Software Distribution folder 
3. Start the Windows Update service. 
4. Try to install update. 

80070663

Error Code 80070663

If you are getting the error 80070663 while running Windows Update follow the below Microsoft Support links

https://support.microsoft.com/en-gb/kb/913754

http://microsoftlivesupport.com/blog/tag/80070663/

8007000E

Error Code 8007000E

If Windows Update failed to check for updates and displays error 8007000E

Download and install the patch KB3050265 (https://support.microsoft.com/en-us/kb/3050265)


Try running Check for updates again :)

80070057

Error Code 80070057

In order to resolve this error, reset Windows Update components;

https://support.microsoft.com/en-us/kb/971058

Patch Installation Order

Service packs and patches are installed in the following order:

1. Windows Installer
2. OS related service packs
3. OS update rollups
4. OS critical updates
5. OS non-critical updates
6. OS security updates
7. Office service packs
8. Office update rollups
9. All remaining Office updates

Note: Reboots are forced after each service pack and at the end of each patch group without warning. This is necessary to permit the re-scan and installation of the subsequent groups of patches.

64C

Silverlight update failed to install with error 64C

This issue can occur if an existing installation or uninstall has become corrupt.

Uninstall the Silverlight completely from you machine.
Install a fresh copy.

In case you encounter any error removing Silverlight, download and run the below FixIT

FixIT: https://support.microsoft.com/en-us/kb/2608523

800F081F

Error Code 800F081F

The error code 800F081F usually occurs when Windows Update or Microsoft Update cannot determine the cryptographic service provider, or a file Windows Update requires (named catalog store) is corrupted.

Run System Update Readiness tool to resolve the issue.

80070490

Error Code 80070490

This error code usually occurs when there is a corruption in the Component Based Servicing manifest.

Run System Update Readiness tool and check 'CheckSUR' log under 'c:\Windows\Logs\CBS'.
Look for errors.
If this didn't detect any errors, open cmd prompt as an Administrator.
Run SFC /Scannow.

For patch KB967723:

Please check whether KB967723 has already been installed on your computer through List of installed updates.
If so, it is possible that this update is reoffered.
Go Hide the update.

Uninstall multiple Windows Updates using Batch File

Create a Batch Script to uninstall number of updates together:

Copy the below mentioned commands (replace the 'Windows Update ID' numbers with the ones you want to uninstall) in a text file and save the file with '.bat' extension.

for %%a in (
2844286
2847311
2849470
) do start "" /w wusa /uninstall /kb:%%a /quiet /norestart

Run the Batch File as an Administrator to uninstall the Windows Updates.

List and Uninstall Windows Update through Command

1. Command to get a list of the installed Windows Updates
wmic qfe get "HotFixID" /format:table

This will list the installed updates directly in the console.

2. Run the below mentioned command to get the list of installed Windows Update in a Text file.
wmic qfe list brief /format:texttablewsys >"%Path_of_the_text_file%"

Where %Path_of_the_text_file% is the path of the text file to be created, as C:\Installed_Updates.txt

3. To uninstall an Update, use the below command:
wusa.exe /kb:%HotfixId% /uninstall /quiet /norestart

where %HotfixId% is the 'Windows Update ID' number. For example, to uninstall update KB279503 you need to run the following:

wusa.exe /kb:279503 /uninstall /quiet /norestart

800700CE

 Error Code 800700CE 

If the server is a Sharepoint Server, follow the steps mentioned below:

If the  updates failing to install are TLS security updates which use the "[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Ciphers" registry keys.

1. Export the Registry.
2. Delete the registry key "[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Ciphers\DES 56/56]"
3. Reboot the machine.
4. Ran windows update and install the required patch.
5. Once done, re-import the Registry (as it is required for Sharepoint).

80246007

Error Code 80246007

1. When you receive Error 0x80246008 or 0x80246007, restart the Background Intelligent Transfer       Service (BITS) or the Windows Event Log service.


2. Run Windows Update again.

8024402F

Error Code 8024402F

The error code 8024402F is usually caused by a connection interruption between your computer and the Windows Update servers.


Close Windows Update, wait 5 to 10 minutes, and then run Windows Update again. You can also wait for Windows Update to run at its next scheduled time.

Patch Management Procedure and Best Practice

Windows Patch Management Procedure

Patches can add functionality, correct defective functionality, or address security vulnerabilities that range from low severity to critical. The effective risk is a combination of the likelihood of the vulnerability being exploited, the ease of exploitation, the result of exploitation, and if an exploit is known to exist. A system with no network connection might be highly vulnerable, but is unlikely to be compromised due to its limited exposure. Some vulnerabilities are very difficult to exploit, while others are trivial to take advantage of. The exploitation of a vulnerability can have varied results; some vulnerabilities allow remote access, some give an attacker information, and some may crash a system component or the system itself. Lastly, sometimes attackers use a vulnerability to compromise a system before the patch is available -- that makes the risk higher since it has already been "weaponized."

These Windows patch management procedure considerations are important because the risk posed by a low-severity vulnerability is much less than the risk from a critical-rated vulnerability that has a known exploit (which provides remote access) in the wild. Your patch process should include evaluating the relevance and criticality of each patch to your environment. Since Microsoft patches are released the second Tuesday of every month, it is easy to plan this review into your normal operations schedule.

Your patch-testing plan comes down to evaluating risks and costs: How critical are the systems and how much effort can you allocate to ensuring a patch will not cause functional problems? Is it cheaper to respond to an emergency outage caused by a conflicting patch or to fully test those patches before deployment?

The effort of creating and maintaining a patch testing program is not the only consideration here either; unpatched systems represent a risk to your network, particularly if there is a known or feasible exploit for it. To lessen the risk that a given vulnerability will be exploited, you need to speed up the patch process. The patch process does not need to be the same for all of your systems; you can increase the testing effort for critical systems and skip testing for low-value systems. Adjusting the patch process in accordance with the system value allows you to spend your time where it matters most.

Another Windows patch management approach, either in addition to or in lieu of formal testing, is the use of an early adopter population. By allowing a segment of your population to update before the majority of your systems, you can often reduce the risk that a patch will cause a large disruption. You might have that early adopter population update right away and then update the larger population a week later if the early adopters don't complain.

Patching that super-critical finance/billing/factory/medical server might be deemed risky and undesired, but leaving it unpatched might allow an attacker or worm to compromise the system or crash it. Even worse, someone may be able to break into that system and steal confidential information or tamper with it. I wish I had a dollar for every time I heard "that system is too important to patch!" That thinking is fundamentally flawed; if the system is critical, then it is too important not to patch.

8E5E03FA

Error Code 8E5E03FA

To resolve this problem, follow these steps:

1. Stop the Cryptographic Service and the Windows Update service. To do this, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type the following commands, and then press ENTER after each command:
   net stop wuauserv
   net stop cryptsvc
   Exit

2. Rename the Catroot2 folder.
   
   Note Do not follow this step if you are using Microsoft Windows 2000.
   
   To rename the Catroot2 folder, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type the following commands, and then press ENTER after each command:
   net stop cryptsvc
   ren %systemroot%\System32\Catroot2 catroot2_old
   net start cryptsvc
   exit
   Important Do not rename the Catroot folder. The Catroot2 folder is automatically recreated by Windows, but the Catroot folder is not recreated if the Catroot folder is renamed.

3. Rename the "SoftwareDistribution" folder:
1. Click Start, click Run, type %systemroot%, and then click OK.
2. Right-click the SoftwareDistribution folder, and then click Rename.
3. Type SoftwareDistribution_old, and then press ENTER to rename this folder.

4. Start the Cryptographic Service, the Windows Update service, and the Event Log service. To do this, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type the following commands, and then press ENTER after each command:
   net start cryptsvc
   net start wuauserv
   exit
5. Try installing the updates.

Exchange 2010 SP3 Error 'DataCollectorSvc' process has open files

Error while applying Exchange SP3

Error: Setup cannot continue with the upgrade because the ‘DataCollectorSvc' () process (ID: 1564) has open files. Close the process and restart Setup.

1. Goto Task Manager and open Processes tab

2. Select the DataCollectorSvc.exe and kill the process by clicking on End Process.

3. Click Retry on the Exchange SP3 setup

Exchange 2010 SP3 step-by-step installation (with snapshots)

Download the Exchange SP3 from https://www.microsoft.com/en-US/download/details.aspx?id=36768

Note: If you have Exchange SP1 installed, you do not need to upgrade to SP2 before heading to SP3

Extract the Setup files to a folder

Proceed with the Microsoft Exchange SP3 installation:

1. Browse to the folder where you extracted the setup files and run 'Setup'

2. Select the option “Install Microsoft Exchange Server Upgrade”

3. Follow the steps provided in the snapshots

4. You may get a warning to install KB2550886 which fixes an issue with Windows clustering (can       be ignored in case you are not using clustering).

5. It won’t ask for a reboot at the end of installation but reboot is recommended, so better go ahead         with the reboot.

6. Confirm the version of Exchange, it should be greater than or equal to 14.03.0123.3