Hi @ll, since more than a year now, Windows Update fails (not only, but most notably) on FRESH installations of Windows 7/8/8.1 (especially their 32-bit editions), which then get NO security updates at all [°]!
One of the many possible causes: Windows Update Client runs out of (virtual) memory during the search for updates and yields 0x8007000E alias E_OUTOFMEMORY [']. According to <https://support.microsoft.com/en-us/kb/3050265> | This update addresses an issue in which Windows Update scans can | fail and generate a 0x8007000E error. and <https://support.microsoft.com/en-us/kb/3161647> | Fix for a Windows Update error 0x8007000E on some computers while | they are updating. this has been fixed in recent versions of the Windows Update Client. BUT: Windows Update does NOT get/fetch this updated Windows Update Client and is stuck! The first action Windows Update Client performs when it contacts the update servers (which happens as soon as an internet connection is available, see <https://support.microsoft.com/en-us/kb/931275>) is to update itself ... on Windows 7 to version 7.6.7600.320, which is but COMPLETELY outdated [²]! Despite the completely outdated version distributed for self-update via Windows Update, the Windows Update Client makes no further attempts to update itself; see the following lines from C:\Windows\WindowsUpdate.log: | 2016-10-06 22:23:01:815 860 dec Agent ************* | 2016-10-06 22:23:01:815 860 dec Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates] | 2016-10-06 22:23:01:815 860 dec Agent ********* | 2016-10-06 22:23:01:815 860 dec Agent * Online = Yes; Ignore download priority = No | 2016-10-06 22:23:01:815 860 dec Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1" | 2016-10-06 22:23:01:815 860 dec Agent * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update | 2016-10-06 22:23:01:815 860 dec Agent * Search Scope = {Machine} | 2016-10-06 22:23:01:815 860 dec Setup Checking for agent SelfUpdate | 2016-10-06 22:23:01:815 860 dec Setup Client version: Core: 7.6.7600.320 Aux: 7.6.7600.320 ... | 2016-10-06 22:23:05:184 860 dec Setup SelfUpdate handler update NOT required: Current version: 7.6.7600.320, required version: 7.6.7600.320 See <http://home.arcor.de/skanthak/slipstream.html> for instructions for a fix and some more information! stay tuned Stefan Kanthak [°] since this happens during the search for updates these searches NEVER finish. As result, Windows Update doesn't notify the user that Windows is not up-to-date and misses critical/important security updates! ['] when this happens on FRESH installations of Windows 7, manual installation of KB3124275 alias MS16-001 (the latest update for Internet Explorer 8, which is part of Windows 7) helps. This prunes the search tree sufficiently to avoid this error. [²] the same holds for <https://support.microsoft.com/en-us/kb/949104>, titled "How to update the Windows Update Agent to the latest version", which too offers version 7.6.7600.320 for Windows 7. ARE YOU SERIOUS, MICROSOFT? There are at least 10 later versions of the Windows Update Client for Windows 7: KB3050265, KB3065987, KB3075851, KB3083324, KB3083710, KB3102810, KB3112343, KB3135445, KB3138612 and KB3161647 (and even more for Windows 8/8.1)! _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
